]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vmconfig_hotplug_pending : add update_net
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuServer;
17 use PVE::QemuMigrate;
18 use PVE::RPCEnvironment;
19 use PVE::AccessControl;
20 use PVE::INotify;
21 use PVE::Network;
22 use PVE::API2::Firewall::VM;
23
24 use Data::Dumper; # fixme: remove
25
26 use base qw(PVE::RESTHandler);
27
28 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
29
30 my $resolve_cdrom_alias = sub {
31 my $param = shift;
32
33 if (my $value = $param->{cdrom}) {
34 $value .= ",media=cdrom" if $value !~ m/media=/;
35 $param->{ide2} = $value;
36 delete $param->{cdrom};
37 }
38 };
39
40 my $test_deallocate_drive = sub {
41 my ($storecfg, $vmid, $key, $drive, $force) = @_;
42
43 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
44 my $volid = $drive->{file};
45 if ( PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
46 if ($force || $key =~ m/^unused/) {
47 my $sid = PVE::Storage::parse_volume_id($volid);
48 return $sid;
49 }
50 }
51 }
52
53 return undef;
54 };
55
56 my $check_storage_access = sub {
57 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
58
59 PVE::QemuServer::foreach_drive($settings, sub {
60 my ($ds, $drive) = @_;
61
62 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
63
64 my $volid = $drive->{file};
65
66 if (!$volid || $volid eq 'none') {
67 # nothing to check
68 } elsif ($isCDROM && ($volid eq 'cdrom')) {
69 $rpcenv->check($authuser, "/", ['Sys.Console']);
70 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
71 my ($storeid, $size) = ($2 || $default_storage, $3);
72 die "no storage ID specified (and no default storage)\n" if !$storeid;
73 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
74 } else {
75 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
76 }
77 });
78 };
79
80 my $check_storage_access_clone = sub {
81 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
82
83 my $sharedvm = 1;
84
85 PVE::QemuServer::foreach_drive($conf, sub {
86 my ($ds, $drive) = @_;
87
88 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
89
90 my $volid = $drive->{file};
91
92 return if !$volid || $volid eq 'none';
93
94 if ($isCDROM) {
95 if ($volid eq 'cdrom') {
96 $rpcenv->check($authuser, "/", ['Sys.Console']);
97 } else {
98 # we simply allow access
99 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
100 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
101 $sharedvm = 0 if !$scfg->{shared};
102
103 }
104 } else {
105 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
106 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
107 $sharedvm = 0 if !$scfg->{shared};
108
109 $sid = $storage if $storage;
110 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
111 }
112 });
113
114 return $sharedvm;
115 };
116
117 # Note: $pool is only needed when creating a VM, because pool permissions
118 # are automatically inherited if VM already exists inside a pool.
119 my $create_disks = sub {
120 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
121
122 my $vollist = [];
123
124 my $res = {};
125 PVE::QemuServer::foreach_drive($settings, sub {
126 my ($ds, $disk) = @_;
127
128 my $volid = $disk->{file};
129
130 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
131 delete $disk->{size};
132 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
133 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
134 my ($storeid, $size) = ($2 || $default_storage, $3);
135 die "no storage ID specified (and no default storage)\n" if !$storeid;
136 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
137 my $fmt = $disk->{format} || $defformat;
138 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
139 $fmt, undef, $size*1024*1024);
140 $disk->{file} = $volid;
141 $disk->{size} = $size*1024*1024*1024;
142 push @$vollist, $volid;
143 delete $disk->{format}; # no longer needed
144 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
145 } else {
146
147 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
148
149 my $volid_is_new = 1;
150
151 if ($conf->{$ds}) {
152 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
153 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
154 }
155
156 if ($volid_is_new) {
157
158 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
159
160 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
161
162 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
163
164 die "volume $volid does not exists\n" if !$size;
165
166 $disk->{size} = $size;
167 }
168
169 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
170 }
171 });
172
173 # free allocated images on error
174 if (my $err = $@) {
175 syslog('err', "VM $vmid creating disks failed");
176 foreach my $volid (@$vollist) {
177 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
178 warn $@ if $@;
179 }
180 die $err;
181 }
182
183 # modify vm config if everything went well
184 foreach my $ds (keys %$res) {
185 $conf->{$ds} = $res->{$ds};
186 }
187
188 return $vollist;
189 };
190
191 my $check_vm_modify_config_perm = sub {
192 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
193
194 return 1 if $authuser eq 'root@pam';
195
196 foreach my $opt (@$key_list) {
197 # disk checks need to be done somewhere else
198 next if PVE::QemuServer::valid_drivename($opt);
199
200 if ($opt eq 'sockets' || $opt eq 'cores' ||
201 $opt eq 'cpu' || $opt eq 'smp' ||
202 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
203 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
204 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
205 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
206 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
207 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
208 } elsif ($opt eq 'args' || $opt eq 'lock') {
209 die "only root can set '$opt' config\n";
210 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
211 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') {
212 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
213 } elsif ($opt =~ m/^net\d+$/) {
214 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
215 } else {
216 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
217 }
218 }
219
220 return 1;
221 };
222
223 __PACKAGE__->register_method({
224 name => 'vmlist',
225 path => '',
226 method => 'GET',
227 description => "Virtual machine index (per node).",
228 permissions => {
229 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
230 user => 'all',
231 },
232 proxyto => 'node',
233 protected => 1, # qemu pid files are only readable by root
234 parameters => {
235 additionalProperties => 0,
236 properties => {
237 node => get_standard_option('pve-node'),
238 },
239 },
240 returns => {
241 type => 'array',
242 items => {
243 type => "object",
244 properties => {},
245 },
246 links => [ { rel => 'child', href => "{vmid}" } ],
247 },
248 code => sub {
249 my ($param) = @_;
250
251 my $rpcenv = PVE::RPCEnvironment::get();
252 my $authuser = $rpcenv->get_user();
253
254 my $vmstatus = PVE::QemuServer::vmstatus();
255
256 my $res = [];
257 foreach my $vmid (keys %$vmstatus) {
258 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
259
260 my $data = $vmstatus->{$vmid};
261 $data->{vmid} = int($vmid);
262 push @$res, $data;
263 }
264
265 return $res;
266 }});
267
268
269
270 __PACKAGE__->register_method({
271 name => 'create_vm',
272 path => '',
273 method => 'POST',
274 description => "Create or restore a virtual machine.",
275 permissions => {
276 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
277 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
278 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
279 user => 'all', # check inside
280 },
281 protected => 1,
282 proxyto => 'node',
283 parameters => {
284 additionalProperties => 0,
285 properties => PVE::QemuServer::json_config_properties(
286 {
287 node => get_standard_option('pve-node'),
288 vmid => get_standard_option('pve-vmid'),
289 archive => {
290 description => "The backup file.",
291 type => 'string',
292 optional => 1,
293 maxLength => 255,
294 },
295 storage => get_standard_option('pve-storage-id', {
296 description => "Default storage.",
297 optional => 1,
298 }),
299 force => {
300 optional => 1,
301 type => 'boolean',
302 description => "Allow to overwrite existing VM.",
303 requires => 'archive',
304 },
305 unique => {
306 optional => 1,
307 type => 'boolean',
308 description => "Assign a unique random ethernet address.",
309 requires => 'archive',
310 },
311 pool => {
312 optional => 1,
313 type => 'string', format => 'pve-poolid',
314 description => "Add the VM to the specified pool.",
315 },
316 }),
317 },
318 returns => {
319 type => 'string',
320 },
321 code => sub {
322 my ($param) = @_;
323
324 my $rpcenv = PVE::RPCEnvironment::get();
325
326 my $authuser = $rpcenv->get_user();
327
328 my $node = extract_param($param, 'node');
329
330 my $vmid = extract_param($param, 'vmid');
331
332 my $archive = extract_param($param, 'archive');
333
334 my $storage = extract_param($param, 'storage');
335
336 my $force = extract_param($param, 'force');
337
338 my $unique = extract_param($param, 'unique');
339
340 my $pool = extract_param($param, 'pool');
341
342 my $filename = PVE::QemuServer::config_file($vmid);
343
344 my $storecfg = PVE::Storage::config();
345
346 PVE::Cluster::check_cfs_quorum();
347
348 if (defined($pool)) {
349 $rpcenv->check_pool_exist($pool);
350 }
351
352 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
353 if defined($storage);
354
355 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
356 # OK
357 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
358 # OK
359 } elsif ($archive && $force && (-f $filename) &&
360 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
361 # OK: user has VM.Backup permissions, and want to restore an existing VM
362 } else {
363 raise_perm_exc();
364 }
365
366 if (!$archive) {
367 &$resolve_cdrom_alias($param);
368
369 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
370
371 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
372
373 foreach my $opt (keys %$param) {
374 if (PVE::QemuServer::valid_drivename($opt)) {
375 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
376 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
377
378 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
379 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
380 }
381 }
382
383 PVE::QemuServer::add_random_macs($param);
384 } else {
385 my $keystr = join(' ', keys %$param);
386 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
387
388 if ($archive eq '-') {
389 die "pipe requires cli environment\n"
390 if $rpcenv->{type} ne 'cli';
391 } else {
392 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
393 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
394 }
395 }
396
397 my $restorefn = sub {
398
399 # fixme: this test does not work if VM exists on other node!
400 if (-f $filename) {
401 die "unable to restore vm $vmid: config file already exists\n"
402 if !$force;
403
404 die "unable to restore vm $vmid: vm is running\n"
405 if PVE::QemuServer::check_running($vmid);
406 }
407
408 my $realcmd = sub {
409 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
410 storage => $storage,
411 pool => $pool,
412 unique => $unique });
413
414 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
415 };
416
417 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
418 };
419
420 my $createfn = sub {
421
422 # test after locking
423 die "unable to create vm $vmid: config file already exists\n"
424 if -f $filename;
425
426 my $realcmd = sub {
427
428 my $vollist = [];
429
430 my $conf = $param;
431
432 eval {
433
434 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
435
436 # try to be smart about bootdisk
437 my @disks = PVE::QemuServer::disknames();
438 my $firstdisk;
439 foreach my $ds (reverse @disks) {
440 next if !$conf->{$ds};
441 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
442 next if PVE::QemuServer::drive_is_cdrom($disk);
443 $firstdisk = $ds;
444 }
445
446 if (!$conf->{bootdisk} && $firstdisk) {
447 $conf->{bootdisk} = $firstdisk;
448 }
449
450 # auto generate uuid if user did not specify smbios1 option
451 if (!$conf->{smbios1}) {
452 my ($uuid, $uuid_str);
453 UUID::generate($uuid);
454 UUID::unparse($uuid, $uuid_str);
455 $conf->{smbios1} = "uuid=$uuid_str";
456 }
457
458 PVE::QemuServer::update_config_nolock($vmid, $conf);
459
460 };
461 my $err = $@;
462
463 if ($err) {
464 foreach my $volid (@$vollist) {
465 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
466 warn $@ if $@;
467 }
468 die "create failed - $err";
469 }
470
471 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
472 };
473
474 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
475 };
476
477 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
478 }});
479
480 __PACKAGE__->register_method({
481 name => 'vmdiridx',
482 path => '{vmid}',
483 method => 'GET',
484 proxyto => 'node',
485 description => "Directory index",
486 permissions => {
487 user => 'all',
488 },
489 parameters => {
490 additionalProperties => 0,
491 properties => {
492 node => get_standard_option('pve-node'),
493 vmid => get_standard_option('pve-vmid'),
494 },
495 },
496 returns => {
497 type => 'array',
498 items => {
499 type => "object",
500 properties => {
501 subdir => { type => 'string' },
502 },
503 },
504 links => [ { rel => 'child', href => "{subdir}" } ],
505 },
506 code => sub {
507 my ($param) = @_;
508
509 my $res = [
510 { subdir => 'config' },
511 { subdir => 'status' },
512 { subdir => 'unlink' },
513 { subdir => 'vncproxy' },
514 { subdir => 'migrate' },
515 { subdir => 'resize' },
516 { subdir => 'move' },
517 { subdir => 'rrd' },
518 { subdir => 'rrddata' },
519 { subdir => 'monitor' },
520 { subdir => 'snapshot' },
521 { subdir => 'spiceproxy' },
522 { subdir => 'sendkey' },
523 { subdir => 'firewall' },
524 ];
525
526 return $res;
527 }});
528
529 __PACKAGE__->register_method ({
530 subclass => "PVE::API2::Firewall::VM",
531 path => '{vmid}/firewall',
532 });
533
534 __PACKAGE__->register_method({
535 name => 'rrd',
536 path => '{vmid}/rrd',
537 method => 'GET',
538 protected => 1, # fixme: can we avoid that?
539 permissions => {
540 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
541 },
542 description => "Read VM RRD statistics (returns PNG)",
543 parameters => {
544 additionalProperties => 0,
545 properties => {
546 node => get_standard_option('pve-node'),
547 vmid => get_standard_option('pve-vmid'),
548 timeframe => {
549 description => "Specify the time frame you are interested in.",
550 type => 'string',
551 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
552 },
553 ds => {
554 description => "The list of datasources you want to display.",
555 type => 'string', format => 'pve-configid-list',
556 },
557 cf => {
558 description => "The RRD consolidation function",
559 type => 'string',
560 enum => [ 'AVERAGE', 'MAX' ],
561 optional => 1,
562 },
563 },
564 },
565 returns => {
566 type => "object",
567 properties => {
568 filename => { type => 'string' },
569 },
570 },
571 code => sub {
572 my ($param) = @_;
573
574 return PVE::Cluster::create_rrd_graph(
575 "pve2-vm/$param->{vmid}", $param->{timeframe},
576 $param->{ds}, $param->{cf});
577
578 }});
579
580 __PACKAGE__->register_method({
581 name => 'rrddata',
582 path => '{vmid}/rrddata',
583 method => 'GET',
584 protected => 1, # fixme: can we avoid that?
585 permissions => {
586 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
587 },
588 description => "Read VM RRD statistics",
589 parameters => {
590 additionalProperties => 0,
591 properties => {
592 node => get_standard_option('pve-node'),
593 vmid => get_standard_option('pve-vmid'),
594 timeframe => {
595 description => "Specify the time frame you are interested in.",
596 type => 'string',
597 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
598 },
599 cf => {
600 description => "The RRD consolidation function",
601 type => 'string',
602 enum => [ 'AVERAGE', 'MAX' ],
603 optional => 1,
604 },
605 },
606 },
607 returns => {
608 type => "array",
609 items => {
610 type => "object",
611 properties => {},
612 },
613 },
614 code => sub {
615 my ($param) = @_;
616
617 return PVE::Cluster::create_rrd_data(
618 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
619 }});
620
621
622 __PACKAGE__->register_method({
623 name => 'vm_config',
624 path => '{vmid}/config',
625 method => 'GET',
626 proxyto => 'node',
627 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
628 permissions => {
629 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
630 },
631 parameters => {
632 additionalProperties => 0,
633 properties => {
634 node => get_standard_option('pve-node'),
635 vmid => get_standard_option('pve-vmid'),
636 },
637 },
638 returns => {
639 type => "object",
640 properties => {
641 digest => {
642 type => 'string',
643 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
644 }
645 },
646 },
647 code => sub {
648 my ($param) = @_;
649
650 my $conf = PVE::QemuServer::load_config($param->{vmid});
651
652 delete $conf->{snapshots};
653 delete $conf->{pending};
654
655 return $conf;
656 }});
657
658 __PACKAGE__->register_method({
659 name => 'vm_pending',
660 path => '{vmid}/pending',
661 method => 'GET',
662 proxyto => 'node',
663 description => "Get virtual machine configuration, including pending changes.",
664 permissions => {
665 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
666 },
667 parameters => {
668 additionalProperties => 0,
669 properties => {
670 node => get_standard_option('pve-node'),
671 vmid => get_standard_option('pve-vmid'),
672 },
673 },
674 returns => {
675 type => "array",
676 items => {
677 type => "object",
678 properties => {
679 key => {
680 description => "Configuration option name.",
681 type => 'string',
682 },
683 value => {
684 description => "Current value.",
685 type => 'string',
686 optional => 1,
687 },
688 pending => {
689 description => "Pending value.",
690 type => 'string',
691 optional => 1,
692 },
693 delete => {
694 description => "Indicated a pending delete request.",
695 type => 'boolean',
696 optional => 1,
697 },
698 },
699 },
700 },
701 code => sub {
702 my ($param) = @_;
703
704 my $conf = PVE::QemuServer::load_config($param->{vmid});
705
706 my $pending_delete_hash = {};
707 foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) {
708 $pending_delete_hash->{$opt} = 1;
709 }
710
711 my $res = [];
712
713 foreach my $opt (keys $conf) {
714 next if ref($conf->{$opt});
715 my $item = { key => $opt };
716 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
717 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
718 $item->{delete} = 1 if $pending_delete_hash->{$opt};
719 push @$res, $item;
720 }
721
722 foreach my $opt (keys $conf->{pending}) {
723 next if $opt eq 'delete';
724 next if ref($conf->{pending}->{$opt}); # just to be sure
725 next if $conf->{$opt};
726 my $item = { key => $opt };
727 $item->{pending} = $conf->{pending}->{$opt};
728 push @$res, $item;
729 }
730
731 foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) {
732 next if $conf->{pending}->{$opt}; # just to be sure
733 next if $conf->{$opt};
734 my $item = { key => $opt, delete => 1};
735 push @$res, $item;
736 }
737
738 return $res;
739 }});
740
741 my $delete_drive = sub {
742 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
743
744 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
745 my $volid = $drive->{file};
746
747 if (PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
748 if ($force || $key =~ m/^unused/) {
749 eval {
750 # check if the disk is really unused
751 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key);
752 my $path = PVE::Storage::path($storecfg, $volid);
753
754 die "unable to delete '$volid' - volume is still in use (snapshot?)\n"
755 if $used_paths->{$path};
756
757 PVE::Storage::vdisk_free($storecfg, $volid);
758 };
759 die $@ if $@;
760 } else {
761 PVE::QemuServer::add_unused_volume($conf, $volid, $vmid);
762 }
763 }
764 }
765
766 delete $conf->{$key};
767 };
768
769 my $vmconfig_delete_option = sub {
770 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
771
772 return if !defined($conf->{$opt});
773
774 my $isDisk = PVE::QemuServer::valid_drivename($opt)|| ($opt =~ m/^unused/);
775
776 if ($isDisk) {
777 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
778
779 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
780 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
781 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
782 }
783 }
784
785 my $unplugwarning = "";
786 if ($conf->{ostype} && $conf->{ostype} eq 'l26') {
787 $unplugwarning = "<br>verify that you have acpiphp && pci_hotplug modules loaded in your guest VM";
788 } elsif ($conf->{ostype} && $conf->{ostype} eq 'l24') {
789 $unplugwarning = "<br>kernel 2.4 don't support hotplug, please disable hotplug in options";
790 } elsif (!$conf->{ostype} || ($conf->{ostype} && $conf->{ostype} eq 'other')) {
791 $unplugwarning = "<br>verify that your guest support acpi hotplug";
792 }
793
794 if ($opt eq 'tablet') {
795 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
796 } else {
797 die "error hot-unplug $opt $unplugwarning" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
798 }
799
800 if ($isDisk) {
801 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
802 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
803 } else {
804 delete $conf->{$opt};
805 }
806
807 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
808 };
809
810 my $safe_num_ne = sub {
811 my ($a, $b) = @_;
812
813 return 0 if !defined($a) && !defined($b);
814 return 1 if !defined($a);
815 return 1 if !defined($b);
816
817 return $a != $b;
818 };
819
820 my $vmconfig_update_disk = sub {
821 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
822
823 my $drive = PVE::QemuServer::parse_drive($opt, $value);
824
825 if (PVE::QemuServer::drive_is_cdrom($drive)) { #cdrom
826 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
827 } else {
828 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
829 }
830
831 if ($conf->{$opt}) {
832
833 if (my $old_drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt})) {
834
835 my $media = $drive->{media} || 'disk';
836 my $oldmedia = $old_drive->{media} || 'disk';
837 die "unable to change media type\n" if $media ne $oldmedia;
838
839 if (!PVE::QemuServer::drive_is_cdrom($old_drive) &&
840 ($drive->{file} ne $old_drive->{file})) { # delete old disks
841
842 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
843 $conf = PVE::QemuServer::load_config($vmid); # update/reload
844 }
845
846 if(&$safe_num_ne($drive->{mbps}, $old_drive->{mbps}) ||
847 &$safe_num_ne($drive->{mbps_rd}, $old_drive->{mbps_rd}) ||
848 &$safe_num_ne($drive->{mbps_wr}, $old_drive->{mbps_wr}) ||
849 &$safe_num_ne($drive->{iops}, $old_drive->{iops}) ||
850 &$safe_num_ne($drive->{iops_rd}, $old_drive->{iops_rd}) ||
851 &$safe_num_ne($drive->{iops_wr}, $old_drive->{iops_wr}) ||
852 &$safe_num_ne($drive->{mbps_max}, $old_drive->{mbps_max}) ||
853 &$safe_num_ne($drive->{mbps_rd_max}, $old_drive->{mbps_rd_max}) ||
854 &$safe_num_ne($drive->{mbps_wr_max}, $old_drive->{mbps_wr_max}) ||
855 &$safe_num_ne($drive->{iops_max}, $old_drive->{iops_max}) ||
856 &$safe_num_ne($drive->{iops_rd_max}, $old_drive->{iops_rd_max}) ||
857 &$safe_num_ne($drive->{iops_wr_max}, $old_drive->{iops_wr_max})) {
858 PVE::QemuServer::qemu_block_set_io_throttle($vmid,"drive-$opt",
859 ($drive->{mbps} || 0)*1024*1024,
860 ($drive->{mbps_rd} || 0)*1024*1024,
861 ($drive->{mbps_wr} || 0)*1024*1024,
862 $drive->{iops} || 0,
863 $drive->{iops_rd} || 0,
864 $drive->{iops_wr} || 0,
865 ($drive->{mbps_max} || 0)*1024*1024,
866 ($drive->{mbps_rd_max} || 0)*1024*1024,
867 ($drive->{mbps_wr_max} || 0)*1024*1024,
868 $drive->{iops_max} || 0,
869 $drive->{iops_rd_max} || 0,
870 $drive->{iops_wr_max} || 0)
871 if !PVE::QemuServer::drive_is_cdrom($drive);
872 }
873 }
874 }
875
876 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
877 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
878
879 $conf = PVE::QemuServer::load_config($vmid); # update/reload
880 $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
881
882 if (PVE::QemuServer::drive_is_cdrom($drive)) { # cdrom
883
884 if (PVE::QemuServer::check_running($vmid)) {
885 if ($drive->{file} eq 'none') {
886 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt");
887 } else {
888 my $path = PVE::QemuServer::get_iso_path($storecfg, $vmid, $drive->{file});
889 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt"); #force eject if locked
890 PVE::QemuServer::vm_mon_cmd($vmid, "change",device => "drive-$opt",target => "$path") if $path;
891 }
892 }
893
894 } else { # hotplug new disks
895
896 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
897 }
898 };
899
900 # POST/PUT {vmid}/config implementation
901 #
902 # The original API used PUT (idempotent) an we assumed that all operations
903 # are fast. But it turned out that almost any configuration change can
904 # involve hot-plug actions, or disk alloc/free. Such actions can take long
905 # time to complete and have side effects (not idempotent).
906 #
907 # The new implementation uses POST and forks a worker process. We added
908 # a new option 'background_delay'. If specified we wait up to
909 # 'background_delay' second for the worker task to complete. It returns null
910 # if the task is finished within that time, else we return the UPID.
911
912 my $update_vm_api = sub {
913 my ($param, $sync) = @_;
914
915 my $rpcenv = PVE::RPCEnvironment::get();
916
917 my $authuser = $rpcenv->get_user();
918
919 my $node = extract_param($param, 'node');
920
921 my $vmid = extract_param($param, 'vmid');
922
923 my $digest = extract_param($param, 'digest');
924
925 my $background_delay = extract_param($param, 'background_delay');
926
927 my @paramarr = (); # used for log message
928 foreach my $key (keys %$param) {
929 push @paramarr, "-$key", $param->{$key};
930 }
931
932 my $skiplock = extract_param($param, 'skiplock');
933 raise_param_exc({ skiplock => "Only root may use this option." })
934 if $skiplock && $authuser ne 'root@pam';
935
936 my $delete_str = extract_param($param, 'delete');
937
938 my $force = extract_param($param, 'force');
939
940 die "no options specified\n" if !$delete_str && !scalar(keys %$param);
941
942 my $storecfg = PVE::Storage::config();
943
944 my $defaults = PVE::QemuServer::load_defaults();
945
946 &$resolve_cdrom_alias($param);
947
948 # now try to verify all parameters
949
950 my @delete = ();
951 foreach my $opt (PVE::Tools::split_list($delete_str)) {
952 $opt = 'ide2' if $opt eq 'cdrom';
953 raise_param_exc({ delete => "you can't use '-$opt' and " .
954 "-delete $opt' at the same time" })
955 if defined($param->{$opt});
956
957 if (!PVE::QemuServer::option_exists($opt)) {
958 raise_param_exc({ delete => "unknown option '$opt'" });
959 }
960
961 push @delete, $opt;
962 }
963
964 foreach my $opt (keys %$param) {
965 if (PVE::QemuServer::valid_drivename($opt)) {
966 # cleanup drive path
967 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
968 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
969 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
970 } elsif ($opt =~ m/^net(\d+)$/) {
971 # add macaddr
972 my $net = PVE::QemuServer::parse_net($param->{$opt});
973 $param->{$opt} = PVE::QemuServer::print_net($net);
974 }
975 }
976
977 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
978
979 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
980
981 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
982
983 my $updatefn = sub {
984
985 my $conf = PVE::QemuServer::load_config($vmid);
986
987 die "checksum missmatch (file change by other user?)\n"
988 if $digest && $digest ne $conf->{digest};
989
990 PVE::QemuServer::check_lock($conf) if !$skiplock;
991
992 if ($param->{memory} || defined($param->{balloon})) {
993 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
994 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
995
996 die "balloon value too large (must be smaller than assigned memory)\n"
997 if $balloon && $balloon > $maxmem;
998 }
999
1000 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
1001
1002 my $worker = sub {
1003
1004 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
1005
1006 # write updates to pending section
1007
1008 my $modified = {}; # record what $option we modify
1009
1010 foreach my $opt (@delete) {
1011 $modified->{$opt} = 1;
1012 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1013 if ($opt =~ m/^unused/) {
1014 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1015 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
1016 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
1017 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
1018 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive);
1019 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1020 }
1021 } elsif (PVE::QemuServer::valid_drivename($opt)) {
1022 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1023 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1024 if defined($conf->{pending}->{$opt});
1025 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
1026 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1027 } else {
1028 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
1029 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1030 }
1031 }
1032
1033 foreach my $opt (keys %$param) { # add/change
1034 $modified->{$opt} = 1;
1035 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1036 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1037
1038 if (PVE::QemuServer::valid_drivename($opt)) {
1039 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1040 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1041 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1042 } else {
1043 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1044 }
1045 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1046 if defined($conf->{pending}->{$opt});
1047
1048 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1049 } else {
1050 $conf->{pending}->{$opt} = $param->{$opt};
1051 }
1052 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
1053 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1054 }
1055
1056 # remove pending changes when nothing changed
1057 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1058 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
1059 PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes;
1060
1061 return if !scalar(keys %{$conf->{pending}});
1062
1063 my $running = PVE::QemuServer::check_running($vmid);
1064
1065 # apply pending changes
1066
1067 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1068
1069 if ($running) {
1070 my $errors = {};
1071 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1072 raise_param_exc($errors) if scalar(keys %$errors);
1073 } else {
1074 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1075 }
1076 return; # TODO: remove old code below
1077
1078 foreach my $opt (keys %$param) { # add/change
1079
1080 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1081
1082 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
1083
1084 if (PVE::QemuServer::valid_drivename($opt)) {
1085
1086 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
1087 $opt, $param->{$opt}, $force);
1088
1089 } elsif ($opt =~ m/^net(\d+)$/) { #nics
1090
1091 # &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
1092 # $opt, $param->{$opt});
1093
1094 } else {
1095
1096 if($opt eq 'tablet' && $param->{$opt} == 1){
1097 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
1098 } elsif($opt eq 'tablet' && $param->{$opt} == 0){
1099 PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
1100 }
1101
1102 if($opt eq 'cores' && $conf->{maxcpus}){
1103 PVE::QemuServer::qemu_cpu_hotplug($vmid, $conf, $param->{$opt});
1104 }
1105
1106 $conf->{$opt} = $param->{$opt};
1107 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1108 }
1109 }
1110
1111 # allow manual ballooning if shares is set to zero
1112 if ($running && defined($param->{balloon}) &&
1113 defined($conf->{shares}) && ($conf->{shares} == 0)) {
1114 my $balloon = $param->{'balloon'} || $conf->{memory} || $defaults->{memory};
1115 PVE::QemuServer::vm_mon_cmd($vmid, "balloon", value => $balloon*1024*1024);
1116 }
1117 };
1118
1119 if ($sync) {
1120 &$worker();
1121 return undef;
1122 } else {
1123 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1124
1125 if ($background_delay) {
1126
1127 # Note: It would be better to do that in the Event based HTTPServer
1128 # to avoid blocking call to sleep.
1129
1130 my $end_time = time() + $background_delay;
1131
1132 my $task = PVE::Tools::upid_decode($upid);
1133
1134 my $running = 1;
1135 while (time() < $end_time) {
1136 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1137 last if !$running;
1138 sleep(1); # this gets interrupted when child process ends
1139 }
1140
1141 if (!$running) {
1142 my $status = PVE::Tools::upid_read_status($upid);
1143 return undef if $status eq 'OK';
1144 die $status;
1145 }
1146 }
1147
1148 return $upid;
1149 }
1150 };
1151
1152 return PVE::QemuServer::lock_config($vmid, $updatefn);
1153 };
1154
1155 my $vm_config_perm_list = [
1156 'VM.Config.Disk',
1157 'VM.Config.CDROM',
1158 'VM.Config.CPU',
1159 'VM.Config.Memory',
1160 'VM.Config.Network',
1161 'VM.Config.HWType',
1162 'VM.Config.Options',
1163 ];
1164
1165 __PACKAGE__->register_method({
1166 name => 'update_vm_async',
1167 path => '{vmid}/config',
1168 method => 'POST',
1169 protected => 1,
1170 proxyto => 'node',
1171 description => "Set virtual machine options (asynchrounous API).",
1172 permissions => {
1173 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1174 },
1175 parameters => {
1176 additionalProperties => 0,
1177 properties => PVE::QemuServer::json_config_properties(
1178 {
1179 node => get_standard_option('pve-node'),
1180 vmid => get_standard_option('pve-vmid'),
1181 skiplock => get_standard_option('skiplock'),
1182 delete => {
1183 type => 'string', format => 'pve-configid-list',
1184 description => "A list of settings you want to delete.",
1185 optional => 1,
1186 },
1187 force => {
1188 type => 'boolean',
1189 description => $opt_force_description,
1190 optional => 1,
1191 requires => 'delete',
1192 },
1193 digest => {
1194 type => 'string',
1195 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1196 maxLength => 40,
1197 optional => 1,
1198 },
1199 background_delay => {
1200 type => 'integer',
1201 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1202 minimum => 1,
1203 maximum => 30,
1204 optional => 1,
1205 },
1206 }),
1207 },
1208 returns => {
1209 type => 'string',
1210 optional => 1,
1211 },
1212 code => $update_vm_api,
1213 });
1214
1215 __PACKAGE__->register_method({
1216 name => 'update_vm',
1217 path => '{vmid}/config',
1218 method => 'PUT',
1219 protected => 1,
1220 proxyto => 'node',
1221 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1222 permissions => {
1223 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1224 },
1225 parameters => {
1226 additionalProperties => 0,
1227 properties => PVE::QemuServer::json_config_properties(
1228 {
1229 node => get_standard_option('pve-node'),
1230 vmid => get_standard_option('pve-vmid'),
1231 skiplock => get_standard_option('skiplock'),
1232 delete => {
1233 type => 'string', format => 'pve-configid-list',
1234 description => "A list of settings you want to delete.",
1235 optional => 1,
1236 },
1237 force => {
1238 type => 'boolean',
1239 description => $opt_force_description,
1240 optional => 1,
1241 requires => 'delete',
1242 },
1243 digest => {
1244 type => 'string',
1245 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1246 maxLength => 40,
1247 optional => 1,
1248 },
1249 }),
1250 },
1251 returns => { type => 'null' },
1252 code => sub {
1253 my ($param) = @_;
1254 &$update_vm_api($param, 1);
1255 return undef;
1256 }
1257 });
1258
1259
1260 __PACKAGE__->register_method({
1261 name => 'destroy_vm',
1262 path => '{vmid}',
1263 method => 'DELETE',
1264 protected => 1,
1265 proxyto => 'node',
1266 description => "Destroy the vm (also delete all used/owned volumes).",
1267 permissions => {
1268 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1269 },
1270 parameters => {
1271 additionalProperties => 0,
1272 properties => {
1273 node => get_standard_option('pve-node'),
1274 vmid => get_standard_option('pve-vmid'),
1275 skiplock => get_standard_option('skiplock'),
1276 },
1277 },
1278 returns => {
1279 type => 'string',
1280 },
1281 code => sub {
1282 my ($param) = @_;
1283
1284 my $rpcenv = PVE::RPCEnvironment::get();
1285
1286 my $authuser = $rpcenv->get_user();
1287
1288 my $vmid = $param->{vmid};
1289
1290 my $skiplock = $param->{skiplock};
1291 raise_param_exc({ skiplock => "Only root may use this option." })
1292 if $skiplock && $authuser ne 'root@pam';
1293
1294 # test if VM exists
1295 my $conf = PVE::QemuServer::load_config($vmid);
1296
1297 my $storecfg = PVE::Storage::config();
1298
1299 my $delVMfromPoolFn = sub {
1300 my $usercfg = cfs_read_file("user.cfg");
1301 if (my $pool = $usercfg->{vms}->{$vmid}) {
1302 if (my $data = $usercfg->{pools}->{$pool}) {
1303 delete $data->{vms}->{$vmid};
1304 delete $usercfg->{vms}->{$vmid};
1305 cfs_write_file("user.cfg", $usercfg);
1306 }
1307 }
1308 };
1309
1310 my $realcmd = sub {
1311 my $upid = shift;
1312
1313 syslog('info', "destroy VM $vmid: $upid\n");
1314
1315 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1316
1317 PVE::AccessControl::remove_vm_from_pool($vmid);
1318 };
1319
1320 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1321 }});
1322
1323 __PACKAGE__->register_method({
1324 name => 'unlink',
1325 path => '{vmid}/unlink',
1326 method => 'PUT',
1327 protected => 1,
1328 proxyto => 'node',
1329 description => "Unlink/delete disk images.",
1330 permissions => {
1331 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1332 },
1333 parameters => {
1334 additionalProperties => 0,
1335 properties => {
1336 node => get_standard_option('pve-node'),
1337 vmid => get_standard_option('pve-vmid'),
1338 idlist => {
1339 type => 'string', format => 'pve-configid-list',
1340 description => "A list of disk IDs you want to delete.",
1341 },
1342 force => {
1343 type => 'boolean',
1344 description => $opt_force_description,
1345 optional => 1,
1346 },
1347 },
1348 },
1349 returns => { type => 'null'},
1350 code => sub {
1351 my ($param) = @_;
1352
1353 $param->{delete} = extract_param($param, 'idlist');
1354
1355 __PACKAGE__->update_vm($param);
1356
1357 return undef;
1358 }});
1359
1360 my $sslcert;
1361
1362 __PACKAGE__->register_method({
1363 name => 'vncproxy',
1364 path => '{vmid}/vncproxy',
1365 method => 'POST',
1366 protected => 1,
1367 permissions => {
1368 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1369 },
1370 description => "Creates a TCP VNC proxy connections.",
1371 parameters => {
1372 additionalProperties => 0,
1373 properties => {
1374 node => get_standard_option('pve-node'),
1375 vmid => get_standard_option('pve-vmid'),
1376 websocket => {
1377 optional => 1,
1378 type => 'boolean',
1379 description => "starts websockify instead of vncproxy",
1380 },
1381 },
1382 },
1383 returns => {
1384 additionalProperties => 0,
1385 properties => {
1386 user => { type => 'string' },
1387 ticket => { type => 'string' },
1388 cert => { type => 'string' },
1389 port => { type => 'integer' },
1390 upid => { type => 'string' },
1391 },
1392 },
1393 code => sub {
1394 my ($param) = @_;
1395
1396 my $rpcenv = PVE::RPCEnvironment::get();
1397
1398 my $authuser = $rpcenv->get_user();
1399
1400 my $vmid = $param->{vmid};
1401 my $node = $param->{node};
1402 my $websocket = $param->{websocket};
1403
1404 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1405
1406 my $authpath = "/vms/$vmid";
1407
1408 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1409
1410 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1411 if !$sslcert;
1412
1413 my $port = PVE::Tools::next_vnc_port();
1414
1415 my $remip;
1416 my $remcmd = [];
1417
1418 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1419 $remip = PVE::Cluster::remote_node_ip($node);
1420 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1421 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1422 }
1423
1424 my $timeout = 10;
1425
1426 my $realcmd = sub {
1427 my $upid = shift;
1428
1429 syslog('info', "starting vnc proxy $upid\n");
1430
1431 my $cmd;
1432
1433 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1434
1435 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1436
1437 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1438 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1439 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1440 '-timeout', $timeout, '-authpath', $authpath,
1441 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1442 } else {
1443
1444 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1445
1446 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1447
1448 my $qmstr = join(' ', @$qmcmd);
1449
1450 # also redirect stderr (else we get RFB protocol errors)
1451 $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
1452 }
1453
1454 PVE::Tools::run_command($cmd);
1455
1456 return;
1457 };
1458
1459 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1460
1461 PVE::Tools::wait_for_vnc_port($port);
1462
1463 return {
1464 user => $authuser,
1465 ticket => $ticket,
1466 port => $port,
1467 upid => $upid,
1468 cert => $sslcert,
1469 };
1470 }});
1471
1472 __PACKAGE__->register_method({
1473 name => 'vncwebsocket',
1474 path => '{vmid}/vncwebsocket',
1475 method => 'GET',
1476 permissions => {
1477 description => "You also need to pass a valid ticket (vncticket).",
1478 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1479 },
1480 description => "Opens a weksocket for VNC traffic.",
1481 parameters => {
1482 additionalProperties => 0,
1483 properties => {
1484 node => get_standard_option('pve-node'),
1485 vmid => get_standard_option('pve-vmid'),
1486 vncticket => {
1487 description => "Ticket from previous call to vncproxy.",
1488 type => 'string',
1489 maxLength => 512,
1490 },
1491 port => {
1492 description => "Port number returned by previous vncproxy call.",
1493 type => 'integer',
1494 minimum => 5900,
1495 maximum => 5999,
1496 },
1497 },
1498 },
1499 returns => {
1500 type => "object",
1501 properties => {
1502 port => { type => 'string' },
1503 },
1504 },
1505 code => sub {
1506 my ($param) = @_;
1507
1508 my $rpcenv = PVE::RPCEnvironment::get();
1509
1510 my $authuser = $rpcenv->get_user();
1511
1512 my $vmid = $param->{vmid};
1513 my $node = $param->{node};
1514
1515 my $authpath = "/vms/$vmid";
1516
1517 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1518
1519 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1520
1521 # Note: VNC ports are acessible from outside, so we do not gain any
1522 # security if we verify that $param->{port} belongs to VM $vmid. This
1523 # check is done by verifying the VNC ticket (inside VNC protocol).
1524
1525 my $port = $param->{port};
1526
1527 return { port => $port };
1528 }});
1529
1530 __PACKAGE__->register_method({
1531 name => 'spiceproxy',
1532 path => '{vmid}/spiceproxy',
1533 method => 'POST',
1534 protected => 1,
1535 proxyto => 'node',
1536 permissions => {
1537 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1538 },
1539 description => "Returns a SPICE configuration to connect to the VM.",
1540 parameters => {
1541 additionalProperties => 0,
1542 properties => {
1543 node => get_standard_option('pve-node'),
1544 vmid => get_standard_option('pve-vmid'),
1545 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1546 },
1547 },
1548 returns => get_standard_option('remote-viewer-config'),
1549 code => sub {
1550 my ($param) = @_;
1551
1552 my $rpcenv = PVE::RPCEnvironment::get();
1553
1554 my $authuser = $rpcenv->get_user();
1555
1556 my $vmid = $param->{vmid};
1557 my $node = $param->{node};
1558 my $proxy = $param->{proxy};
1559
1560 my $conf = PVE::QemuServer::load_config($vmid, $node);
1561 my $title = "VM $vmid - $conf->{'name'}",
1562
1563 my $port = PVE::QemuServer::spice_port($vmid);
1564
1565 my ($ticket, undef, $remote_viewer_config) =
1566 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1567
1568 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1569 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1570
1571 return $remote_viewer_config;
1572 }});
1573
1574 __PACKAGE__->register_method({
1575 name => 'vmcmdidx',
1576 path => '{vmid}/status',
1577 method => 'GET',
1578 proxyto => 'node',
1579 description => "Directory index",
1580 permissions => {
1581 user => 'all',
1582 },
1583 parameters => {
1584 additionalProperties => 0,
1585 properties => {
1586 node => get_standard_option('pve-node'),
1587 vmid => get_standard_option('pve-vmid'),
1588 },
1589 },
1590 returns => {
1591 type => 'array',
1592 items => {
1593 type => "object",
1594 properties => {
1595 subdir => { type => 'string' },
1596 },
1597 },
1598 links => [ { rel => 'child', href => "{subdir}" } ],
1599 },
1600 code => sub {
1601 my ($param) = @_;
1602
1603 # test if VM exists
1604 my $conf = PVE::QemuServer::load_config($param->{vmid});
1605
1606 my $res = [
1607 { subdir => 'current' },
1608 { subdir => 'start' },
1609 { subdir => 'stop' },
1610 ];
1611
1612 return $res;
1613 }});
1614
1615 my $vm_is_ha_managed = sub {
1616 my ($vmid) = @_;
1617
1618 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1619 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $vmid, 1)) {
1620 return 1;
1621 }
1622 return 0;
1623 };
1624
1625 __PACKAGE__->register_method({
1626 name => 'vm_status',
1627 path => '{vmid}/status/current',
1628 method => 'GET',
1629 proxyto => 'node',
1630 protected => 1, # qemu pid files are only readable by root
1631 description => "Get virtual machine status.",
1632 permissions => {
1633 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1634 },
1635 parameters => {
1636 additionalProperties => 0,
1637 properties => {
1638 node => get_standard_option('pve-node'),
1639 vmid => get_standard_option('pve-vmid'),
1640 },
1641 },
1642 returns => { type => 'object' },
1643 code => sub {
1644 my ($param) = @_;
1645
1646 # test if VM exists
1647 my $conf = PVE::QemuServer::load_config($param->{vmid});
1648
1649 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1650 my $status = $vmstatus->{$param->{vmid}};
1651
1652 $status->{ha} = &$vm_is_ha_managed($param->{vmid});
1653
1654 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1655
1656 return $status;
1657 }});
1658
1659 __PACKAGE__->register_method({
1660 name => 'vm_start',
1661 path => '{vmid}/status/start',
1662 method => 'POST',
1663 protected => 1,
1664 proxyto => 'node',
1665 description => "Start virtual machine.",
1666 permissions => {
1667 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1668 },
1669 parameters => {
1670 additionalProperties => 0,
1671 properties => {
1672 node => get_standard_option('pve-node'),
1673 vmid => get_standard_option('pve-vmid'),
1674 skiplock => get_standard_option('skiplock'),
1675 stateuri => get_standard_option('pve-qm-stateuri'),
1676 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1677 machine => get_standard_option('pve-qm-machine'),
1678 },
1679 },
1680 returns => {
1681 type => 'string',
1682 },
1683 code => sub {
1684 my ($param) = @_;
1685
1686 my $rpcenv = PVE::RPCEnvironment::get();
1687
1688 my $authuser = $rpcenv->get_user();
1689
1690 my $node = extract_param($param, 'node');
1691
1692 my $vmid = extract_param($param, 'vmid');
1693
1694 my $machine = extract_param($param, 'machine');
1695
1696 my $stateuri = extract_param($param, 'stateuri');
1697 raise_param_exc({ stateuri => "Only root may use this option." })
1698 if $stateuri && $authuser ne 'root@pam';
1699
1700 my $skiplock = extract_param($param, 'skiplock');
1701 raise_param_exc({ skiplock => "Only root may use this option." })
1702 if $skiplock && $authuser ne 'root@pam';
1703
1704 my $migratedfrom = extract_param($param, 'migratedfrom');
1705 raise_param_exc({ migratedfrom => "Only root may use this option." })
1706 if $migratedfrom && $authuser ne 'root@pam';
1707
1708 # read spice ticket from STDIN
1709 my $spice_ticket;
1710 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1711 if (defined(my $line = <>)) {
1712 chomp $line;
1713 $spice_ticket = $line;
1714 }
1715 }
1716
1717 my $storecfg = PVE::Storage::config();
1718
1719 if (&$vm_is_ha_managed($vmid) && !$stateuri &&
1720 $rpcenv->{type} ne 'ha') {
1721
1722 my $hacmd = sub {
1723 my $upid = shift;
1724
1725 my $service = "pvevm:$vmid";
1726
1727 my $cmd = ['clusvcadm', '-e', $service, '-m', $node];
1728
1729 print "Executing HA start for VM $vmid\n";
1730
1731 PVE::Tools::run_command($cmd);
1732
1733 return;
1734 };
1735
1736 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1737
1738 } else {
1739
1740 my $realcmd = sub {
1741 my $upid = shift;
1742
1743 syslog('info', "start VM $vmid: $upid\n");
1744
1745 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1746 $machine, $spice_ticket);
1747
1748 return;
1749 };
1750
1751 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1752 }
1753 }});
1754
1755 __PACKAGE__->register_method({
1756 name => 'vm_stop',
1757 path => '{vmid}/status/stop',
1758 method => 'POST',
1759 protected => 1,
1760 proxyto => 'node',
1761 description => "Stop virtual machine.",
1762 permissions => {
1763 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1764 },
1765 parameters => {
1766 additionalProperties => 0,
1767 properties => {
1768 node => get_standard_option('pve-node'),
1769 vmid => get_standard_option('pve-vmid'),
1770 skiplock => get_standard_option('skiplock'),
1771 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1772 timeout => {
1773 description => "Wait maximal timeout seconds.",
1774 type => 'integer',
1775 minimum => 0,
1776 optional => 1,
1777 },
1778 keepActive => {
1779 description => "Do not decativate storage volumes.",
1780 type => 'boolean',
1781 optional => 1,
1782 default => 0,
1783 }
1784 },
1785 },
1786 returns => {
1787 type => 'string',
1788 },
1789 code => sub {
1790 my ($param) = @_;
1791
1792 my $rpcenv = PVE::RPCEnvironment::get();
1793
1794 my $authuser = $rpcenv->get_user();
1795
1796 my $node = extract_param($param, 'node');
1797
1798 my $vmid = extract_param($param, 'vmid');
1799
1800 my $skiplock = extract_param($param, 'skiplock');
1801 raise_param_exc({ skiplock => "Only root may use this option." })
1802 if $skiplock && $authuser ne 'root@pam';
1803
1804 my $keepActive = extract_param($param, 'keepActive');
1805 raise_param_exc({ keepActive => "Only root may use this option." })
1806 if $keepActive && $authuser ne 'root@pam';
1807
1808 my $migratedfrom = extract_param($param, 'migratedfrom');
1809 raise_param_exc({ migratedfrom => "Only root may use this option." })
1810 if $migratedfrom && $authuser ne 'root@pam';
1811
1812
1813 my $storecfg = PVE::Storage::config();
1814
1815 if (&$vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1816
1817 my $hacmd = sub {
1818 my $upid = shift;
1819
1820 my $service = "pvevm:$vmid";
1821
1822 my $cmd = ['clusvcadm', '-d', $service];
1823
1824 print "Executing HA stop for VM $vmid\n";
1825
1826 PVE::Tools::run_command($cmd);
1827
1828 return;
1829 };
1830
1831 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1832
1833 } else {
1834 my $realcmd = sub {
1835 my $upid = shift;
1836
1837 syslog('info', "stop VM $vmid: $upid\n");
1838
1839 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1840 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1841
1842 return;
1843 };
1844
1845 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1846 }
1847 }});
1848
1849 __PACKAGE__->register_method({
1850 name => 'vm_reset',
1851 path => '{vmid}/status/reset',
1852 method => 'POST',
1853 protected => 1,
1854 proxyto => 'node',
1855 description => "Reset virtual machine.",
1856 permissions => {
1857 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1858 },
1859 parameters => {
1860 additionalProperties => 0,
1861 properties => {
1862 node => get_standard_option('pve-node'),
1863 vmid => get_standard_option('pve-vmid'),
1864 skiplock => get_standard_option('skiplock'),
1865 },
1866 },
1867 returns => {
1868 type => 'string',
1869 },
1870 code => sub {
1871 my ($param) = @_;
1872
1873 my $rpcenv = PVE::RPCEnvironment::get();
1874
1875 my $authuser = $rpcenv->get_user();
1876
1877 my $node = extract_param($param, 'node');
1878
1879 my $vmid = extract_param($param, 'vmid');
1880
1881 my $skiplock = extract_param($param, 'skiplock');
1882 raise_param_exc({ skiplock => "Only root may use this option." })
1883 if $skiplock && $authuser ne 'root@pam';
1884
1885 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1886
1887 my $realcmd = sub {
1888 my $upid = shift;
1889
1890 PVE::QemuServer::vm_reset($vmid, $skiplock);
1891
1892 return;
1893 };
1894
1895 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1896 }});
1897
1898 __PACKAGE__->register_method({
1899 name => 'vm_shutdown',
1900 path => '{vmid}/status/shutdown',
1901 method => 'POST',
1902 protected => 1,
1903 proxyto => 'node',
1904 description => "Shutdown virtual machine.",
1905 permissions => {
1906 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1907 },
1908 parameters => {
1909 additionalProperties => 0,
1910 properties => {
1911 node => get_standard_option('pve-node'),
1912 vmid => get_standard_option('pve-vmid'),
1913 skiplock => get_standard_option('skiplock'),
1914 timeout => {
1915 description => "Wait maximal timeout seconds.",
1916 type => 'integer',
1917 minimum => 0,
1918 optional => 1,
1919 },
1920 forceStop => {
1921 description => "Make sure the VM stops.",
1922 type => 'boolean',
1923 optional => 1,
1924 default => 0,
1925 },
1926 keepActive => {
1927 description => "Do not decativate storage volumes.",
1928 type => 'boolean',
1929 optional => 1,
1930 default => 0,
1931 }
1932 },
1933 },
1934 returns => {
1935 type => 'string',
1936 },
1937 code => sub {
1938 my ($param) = @_;
1939
1940 my $rpcenv = PVE::RPCEnvironment::get();
1941
1942 my $authuser = $rpcenv->get_user();
1943
1944 my $node = extract_param($param, 'node');
1945
1946 my $vmid = extract_param($param, 'vmid');
1947
1948 my $skiplock = extract_param($param, 'skiplock');
1949 raise_param_exc({ skiplock => "Only root may use this option." })
1950 if $skiplock && $authuser ne 'root@pam';
1951
1952 my $keepActive = extract_param($param, 'keepActive');
1953 raise_param_exc({ keepActive => "Only root may use this option." })
1954 if $keepActive && $authuser ne 'root@pam';
1955
1956 my $storecfg = PVE::Storage::config();
1957
1958 my $realcmd = sub {
1959 my $upid = shift;
1960
1961 syslog('info', "shutdown VM $vmid: $upid\n");
1962
1963 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1964 1, $param->{forceStop}, $keepActive);
1965
1966 return;
1967 };
1968
1969 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1970 }});
1971
1972 __PACKAGE__->register_method({
1973 name => 'vm_suspend',
1974 path => '{vmid}/status/suspend',
1975 method => 'POST',
1976 protected => 1,
1977 proxyto => 'node',
1978 description => "Suspend virtual machine.",
1979 permissions => {
1980 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1981 },
1982 parameters => {
1983 additionalProperties => 0,
1984 properties => {
1985 node => get_standard_option('pve-node'),
1986 vmid => get_standard_option('pve-vmid'),
1987 skiplock => get_standard_option('skiplock'),
1988 },
1989 },
1990 returns => {
1991 type => 'string',
1992 },
1993 code => sub {
1994 my ($param) = @_;
1995
1996 my $rpcenv = PVE::RPCEnvironment::get();
1997
1998 my $authuser = $rpcenv->get_user();
1999
2000 my $node = extract_param($param, 'node');
2001
2002 my $vmid = extract_param($param, 'vmid');
2003
2004 my $skiplock = extract_param($param, 'skiplock');
2005 raise_param_exc({ skiplock => "Only root may use this option." })
2006 if $skiplock && $authuser ne 'root@pam';
2007
2008 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2009
2010 my $realcmd = sub {
2011 my $upid = shift;
2012
2013 syslog('info', "suspend VM $vmid: $upid\n");
2014
2015 PVE::QemuServer::vm_suspend($vmid, $skiplock);
2016
2017 return;
2018 };
2019
2020 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
2021 }});
2022
2023 __PACKAGE__->register_method({
2024 name => 'vm_resume',
2025 path => '{vmid}/status/resume',
2026 method => 'POST',
2027 protected => 1,
2028 proxyto => 'node',
2029 description => "Resume virtual machine.",
2030 permissions => {
2031 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2032 },
2033 parameters => {
2034 additionalProperties => 0,
2035 properties => {
2036 node => get_standard_option('pve-node'),
2037 vmid => get_standard_option('pve-vmid'),
2038 skiplock => get_standard_option('skiplock'),
2039 },
2040 },
2041 returns => {
2042 type => 'string',
2043 },
2044 code => sub {
2045 my ($param) = @_;
2046
2047 my $rpcenv = PVE::RPCEnvironment::get();
2048
2049 my $authuser = $rpcenv->get_user();
2050
2051 my $node = extract_param($param, 'node');
2052
2053 my $vmid = extract_param($param, 'vmid');
2054
2055 my $skiplock = extract_param($param, 'skiplock');
2056 raise_param_exc({ skiplock => "Only root may use this option." })
2057 if $skiplock && $authuser ne 'root@pam';
2058
2059 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2060
2061 my $realcmd = sub {
2062 my $upid = shift;
2063
2064 syslog('info', "resume VM $vmid: $upid\n");
2065
2066 PVE::QemuServer::vm_resume($vmid, $skiplock);
2067
2068 return;
2069 };
2070
2071 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2072 }});
2073
2074 __PACKAGE__->register_method({
2075 name => 'vm_sendkey',
2076 path => '{vmid}/sendkey',
2077 method => 'PUT',
2078 protected => 1,
2079 proxyto => 'node',
2080 description => "Send key event to virtual machine.",
2081 permissions => {
2082 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2083 },
2084 parameters => {
2085 additionalProperties => 0,
2086 properties => {
2087 node => get_standard_option('pve-node'),
2088 vmid => get_standard_option('pve-vmid'),
2089 skiplock => get_standard_option('skiplock'),
2090 key => {
2091 description => "The key (qemu monitor encoding).",
2092 type => 'string'
2093 }
2094 },
2095 },
2096 returns => { type => 'null'},
2097 code => sub {
2098 my ($param) = @_;
2099
2100 my $rpcenv = PVE::RPCEnvironment::get();
2101
2102 my $authuser = $rpcenv->get_user();
2103
2104 my $node = extract_param($param, 'node');
2105
2106 my $vmid = extract_param($param, 'vmid');
2107
2108 my $skiplock = extract_param($param, 'skiplock');
2109 raise_param_exc({ skiplock => "Only root may use this option." })
2110 if $skiplock && $authuser ne 'root@pam';
2111
2112 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2113
2114 return;
2115 }});
2116
2117 __PACKAGE__->register_method({
2118 name => 'vm_feature',
2119 path => '{vmid}/feature',
2120 method => 'GET',
2121 proxyto => 'node',
2122 protected => 1,
2123 description => "Check if feature for virtual machine is available.",
2124 permissions => {
2125 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2126 },
2127 parameters => {
2128 additionalProperties => 0,
2129 properties => {
2130 node => get_standard_option('pve-node'),
2131 vmid => get_standard_option('pve-vmid'),
2132 feature => {
2133 description => "Feature to check.",
2134 type => 'string',
2135 enum => [ 'snapshot', 'clone', 'copy' ],
2136 },
2137 snapname => get_standard_option('pve-snapshot-name', {
2138 optional => 1,
2139 }),
2140 },
2141 },
2142 returns => {
2143 type => "object",
2144 properties => {
2145 hasFeature => { type => 'boolean' },
2146 nodes => {
2147 type => 'array',
2148 items => { type => 'string' },
2149 }
2150 },
2151 },
2152 code => sub {
2153 my ($param) = @_;
2154
2155 my $node = extract_param($param, 'node');
2156
2157 my $vmid = extract_param($param, 'vmid');
2158
2159 my $snapname = extract_param($param, 'snapname');
2160
2161 my $feature = extract_param($param, 'feature');
2162
2163 my $running = PVE::QemuServer::check_running($vmid);
2164
2165 my $conf = PVE::QemuServer::load_config($vmid);
2166
2167 if($snapname){
2168 my $snap = $conf->{snapshots}->{$snapname};
2169 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2170 $conf = $snap;
2171 }
2172 my $storecfg = PVE::Storage::config();
2173
2174 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2175 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2176
2177 return {
2178 hasFeature => $hasFeature,
2179 nodes => [ keys %$nodelist ],
2180 };
2181 }});
2182
2183 __PACKAGE__->register_method({
2184 name => 'clone_vm',
2185 path => '{vmid}/clone',
2186 method => 'POST',
2187 protected => 1,
2188 proxyto => 'node',
2189 description => "Create a copy of virtual machine/template.",
2190 permissions => {
2191 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2192 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2193 "'Datastore.AllocateSpace' on any used storage.",
2194 check =>
2195 [ 'and',
2196 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2197 [ 'or',
2198 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2199 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2200 ],
2201 ]
2202 },
2203 parameters => {
2204 additionalProperties => 0,
2205 properties => {
2206 node => get_standard_option('pve-node'),
2207 vmid => get_standard_option('pve-vmid'),
2208 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2209 name => {
2210 optional => 1,
2211 type => 'string', format => 'dns-name',
2212 description => "Set a name for the new VM.",
2213 },
2214 description => {
2215 optional => 1,
2216 type => 'string',
2217 description => "Description for the new VM.",
2218 },
2219 pool => {
2220 optional => 1,
2221 type => 'string', format => 'pve-poolid',
2222 description => "Add the new VM to the specified pool.",
2223 },
2224 snapname => get_standard_option('pve-snapshot-name', {
2225 optional => 1,
2226 }),
2227 storage => get_standard_option('pve-storage-id', {
2228 description => "Target storage for full clone.",
2229 requires => 'full',
2230 optional => 1,
2231 }),
2232 'format' => {
2233 description => "Target format for file storage.",
2234 requires => 'full',
2235 type => 'string',
2236 optional => 1,
2237 enum => [ 'raw', 'qcow2', 'vmdk'],
2238 },
2239 full => {
2240 optional => 1,
2241 type => 'boolean',
2242 description => "Create a full copy of all disk. This is always done when " .
2243 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2244 default => 0,
2245 },
2246 target => get_standard_option('pve-node', {
2247 description => "Target node. Only allowed if the original VM is on shared storage.",
2248 optional => 1,
2249 }),
2250 },
2251 },
2252 returns => {
2253 type => 'string',
2254 },
2255 code => sub {
2256 my ($param) = @_;
2257
2258 my $rpcenv = PVE::RPCEnvironment::get();
2259
2260 my $authuser = $rpcenv->get_user();
2261
2262 my $node = extract_param($param, 'node');
2263
2264 my $vmid = extract_param($param, 'vmid');
2265
2266 my $newid = extract_param($param, 'newid');
2267
2268 my $pool = extract_param($param, 'pool');
2269
2270 if (defined($pool)) {
2271 $rpcenv->check_pool_exist($pool);
2272 }
2273
2274 my $snapname = extract_param($param, 'snapname');
2275
2276 my $storage = extract_param($param, 'storage');
2277
2278 my $format = extract_param($param, 'format');
2279
2280 my $target = extract_param($param, 'target');
2281
2282 my $localnode = PVE::INotify::nodename();
2283
2284 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2285
2286 PVE::Cluster::check_node_exists($target) if $target;
2287
2288 my $storecfg = PVE::Storage::config();
2289
2290 if ($storage) {
2291 # check if storage is enabled on local node
2292 PVE::Storage::storage_check_enabled($storecfg, $storage);
2293 if ($target) {
2294 # check if storage is available on target node
2295 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2296 # clone only works if target storage is shared
2297 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2298 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2299 }
2300 }
2301
2302 PVE::Cluster::check_cfs_quorum();
2303
2304 my $running = PVE::QemuServer::check_running($vmid) || 0;
2305
2306 # exclusive lock if VM is running - else shared lock is enough;
2307 my $shared_lock = $running ? 0 : 1;
2308
2309 my $clonefn = sub {
2310
2311 # do all tests after lock
2312 # we also try to do all tests before we fork the worker
2313
2314 my $conf = PVE::QemuServer::load_config($vmid);
2315
2316 PVE::QemuServer::check_lock($conf);
2317
2318 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2319
2320 die "unexpected state change\n" if $verify_running != $running;
2321
2322 die "snapshot '$snapname' does not exist\n"
2323 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2324
2325 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2326
2327 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2328
2329 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2330
2331 my $conffile = PVE::QemuServer::config_file($newid);
2332
2333 die "unable to create VM $newid: config file already exists\n"
2334 if -f $conffile;
2335
2336 my $newconf = { lock => 'clone' };
2337 my $drives = {};
2338 my $vollist = [];
2339
2340 foreach my $opt (keys %$oldconf) {
2341 my $value = $oldconf->{$opt};
2342
2343 # do not copy snapshot related info
2344 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2345 $opt eq 'vmstate' || $opt eq 'snapstate';
2346
2347 # always change MAC! address
2348 if ($opt =~ m/^net(\d+)$/) {
2349 my $net = PVE::QemuServer::parse_net($value);
2350 $net->{macaddr} = PVE::Tools::random_ether_addr();
2351 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2352 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2353 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2354 die "unable to parse drive options for '$opt'\n" if !$drive;
2355 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2356 $newconf->{$opt} = $value; # simply copy configuration
2357 } else {
2358 if ($param->{full}) {
2359 die "Full clone feature is not available"
2360 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2361 $drive->{full} = 1;
2362 } else {
2363 # not full means clone instead of copy
2364 die "Linked clone feature is not available"
2365 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2366 }
2367 $drives->{$opt} = $drive;
2368 push @$vollist, $drive->{file};
2369 }
2370 } else {
2371 # copy everything else
2372 $newconf->{$opt} = $value;
2373 }
2374 }
2375
2376 # auto generate a new uuid
2377 my ($uuid, $uuid_str);
2378 UUID::generate($uuid);
2379 UUID::unparse($uuid, $uuid_str);
2380 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2381 $smbios1->{uuid} = $uuid_str;
2382 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2383
2384 delete $newconf->{template};
2385
2386 if ($param->{name}) {
2387 $newconf->{name} = $param->{name};
2388 } else {
2389 if ($oldconf->{name}) {
2390 $newconf->{name} = "Copy-of-$oldconf->{name}";
2391 } else {
2392 $newconf->{name} = "Copy-of-VM-$vmid";
2393 }
2394 }
2395
2396 if ($param->{description}) {
2397 $newconf->{description} = $param->{description};
2398 }
2399
2400 # create empty/temp config - this fails if VM already exists on other node
2401 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2402
2403 my $realcmd = sub {
2404 my $upid = shift;
2405
2406 my $newvollist = [];
2407
2408 eval {
2409 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2410
2411 PVE::Storage::activate_volumes($storecfg, $vollist);
2412
2413 foreach my $opt (keys %$drives) {
2414 my $drive = $drives->{$opt};
2415
2416 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2417 $newid, $storage, $format, $drive->{full}, $newvollist);
2418
2419 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2420
2421 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2422 }
2423
2424 delete $newconf->{lock};
2425 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2426
2427 if ($target) {
2428 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2429 PVE::Storage::deactivate_volumes($storecfg, $vollist);
2430
2431 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2432 die "Failed to move config to node '$target' - rename failed: $!\n"
2433 if !rename($conffile, $newconffile);
2434 }
2435
2436 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2437 };
2438 if (my $err = $@) {
2439 unlink $conffile;
2440
2441 sleep 1; # some storage like rbd need to wait before release volume - really?
2442
2443 foreach my $volid (@$newvollist) {
2444 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2445 warn $@ if $@;
2446 }
2447 die "clone failed: $err";
2448 }
2449
2450 return;
2451 };
2452
2453 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2454 };
2455
2456 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2457 # Aquire exclusive lock lock for $newid
2458 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2459 });
2460
2461 }});
2462
2463 __PACKAGE__->register_method({
2464 name => 'move_vm_disk',
2465 path => '{vmid}/move_disk',
2466 method => 'POST',
2467 protected => 1,
2468 proxyto => 'node',
2469 description => "Move volume to different storage.",
2470 permissions => {
2471 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2472 "and 'Datastore.AllocateSpace' permissions on the storage.",
2473 check =>
2474 [ 'and',
2475 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2476 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2477 ],
2478 },
2479 parameters => {
2480 additionalProperties => 0,
2481 properties => {
2482 node => get_standard_option('pve-node'),
2483 vmid => get_standard_option('pve-vmid'),
2484 disk => {
2485 type => 'string',
2486 description => "The disk you want to move.",
2487 enum => [ PVE::QemuServer::disknames() ],
2488 },
2489 storage => get_standard_option('pve-storage-id', { description => "Target Storage." }),
2490 'format' => {
2491 type => 'string',
2492 description => "Target Format.",
2493 enum => [ 'raw', 'qcow2', 'vmdk' ],
2494 optional => 1,
2495 },
2496 delete => {
2497 type => 'boolean',
2498 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2499 optional => 1,
2500 default => 0,
2501 },
2502 digest => {
2503 type => 'string',
2504 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2505 maxLength => 40,
2506 optional => 1,
2507 },
2508 },
2509 },
2510 returns => {
2511 type => 'string',
2512 description => "the task ID.",
2513 },
2514 code => sub {
2515 my ($param) = @_;
2516
2517 my $rpcenv = PVE::RPCEnvironment::get();
2518
2519 my $authuser = $rpcenv->get_user();
2520
2521 my $node = extract_param($param, 'node');
2522
2523 my $vmid = extract_param($param, 'vmid');
2524
2525 my $digest = extract_param($param, 'digest');
2526
2527 my $disk = extract_param($param, 'disk');
2528
2529 my $storeid = extract_param($param, 'storage');
2530
2531 my $format = extract_param($param, 'format');
2532
2533 my $storecfg = PVE::Storage::config();
2534
2535 my $updatefn = sub {
2536
2537 my $conf = PVE::QemuServer::load_config($vmid);
2538
2539 die "checksum missmatch (file change by other user?)\n"
2540 if $digest && $digest ne $conf->{digest};
2541
2542 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2543
2544 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2545
2546 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2547
2548 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2549
2550 my $oldfmt;
2551 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2552 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2553 $oldfmt = $1;
2554 }
2555
2556 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2557 (!$format || !$oldfmt || $oldfmt eq $format);
2558
2559 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2560
2561 my $running = PVE::QemuServer::check_running($vmid);
2562
2563 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2564
2565 my $realcmd = sub {
2566
2567 my $newvollist = [];
2568
2569 eval {
2570 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2571
2572 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2573 $vmid, $storeid, $format, 1, $newvollist);
2574
2575 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2576
2577 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2578
2579 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2580
2581 eval {
2582 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2583 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2584 if !$running;
2585 };
2586 warn $@ if $@;
2587 };
2588 if (my $err = $@) {
2589
2590 foreach my $volid (@$newvollist) {
2591 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2592 warn $@ if $@;
2593 }
2594 die "storage migration failed: $err";
2595 }
2596
2597 if ($param->{delete}) {
2598 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
2599 my $path = PVE::Storage::path($storecfg, $old_volid);
2600 if ($used_paths->{$path}){
2601 warn "volume $old_volid have snapshots. Can't delete it\n";
2602 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2603 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2604 } else {
2605 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2606 warn $@ if $@;
2607 }
2608 }
2609 };
2610
2611 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2612 };
2613
2614 return PVE::QemuServer::lock_config($vmid, $updatefn);
2615 }});
2616
2617 __PACKAGE__->register_method({
2618 name => 'migrate_vm',
2619 path => '{vmid}/migrate',
2620 method => 'POST',
2621 protected => 1,
2622 proxyto => 'node',
2623 description => "Migrate virtual machine. Creates a new migration task.",
2624 permissions => {
2625 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2626 },
2627 parameters => {
2628 additionalProperties => 0,
2629 properties => {
2630 node => get_standard_option('pve-node'),
2631 vmid => get_standard_option('pve-vmid'),
2632 target => get_standard_option('pve-node', { description => "Target node." }),
2633 online => {
2634 type => 'boolean',
2635 description => "Use online/live migration.",
2636 optional => 1,
2637 },
2638 force => {
2639 type => 'boolean',
2640 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2641 optional => 1,
2642 },
2643 },
2644 },
2645 returns => {
2646 type => 'string',
2647 description => "the task ID.",
2648 },
2649 code => sub {
2650 my ($param) = @_;
2651
2652 my $rpcenv = PVE::RPCEnvironment::get();
2653
2654 my $authuser = $rpcenv->get_user();
2655
2656 my $target = extract_param($param, 'target');
2657
2658 my $localnode = PVE::INotify::nodename();
2659 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2660
2661 PVE::Cluster::check_cfs_quorum();
2662
2663 PVE::Cluster::check_node_exists($target);
2664
2665 my $targetip = PVE::Cluster::remote_node_ip($target);
2666
2667 my $vmid = extract_param($param, 'vmid');
2668
2669 raise_param_exc({ force => "Only root may use this option." })
2670 if $param->{force} && $authuser ne 'root@pam';
2671
2672 # test if VM exists
2673 my $conf = PVE::QemuServer::load_config($vmid);
2674
2675 # try to detect errors early
2676
2677 PVE::QemuServer::check_lock($conf);
2678
2679 if (PVE::QemuServer::check_running($vmid)) {
2680 die "cant migrate running VM without --online\n"
2681 if !$param->{online};
2682 }
2683
2684 my $storecfg = PVE::Storage::config();
2685 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2686
2687 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2688
2689 my $hacmd = sub {
2690 my $upid = shift;
2691
2692 my $service = "pvevm:$vmid";
2693
2694 my $cmd = ['clusvcadm', '-M', $service, '-m', $target];
2695
2696 print "Executing HA migrate for VM $vmid to node $target\n";
2697
2698 PVE::Tools::run_command($cmd);
2699
2700 return;
2701 };
2702
2703 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2704
2705 } else {
2706
2707 my $realcmd = sub {
2708 my $upid = shift;
2709
2710 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2711 };
2712
2713 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2714 }
2715
2716 }});
2717
2718 __PACKAGE__->register_method({
2719 name => 'monitor',
2720 path => '{vmid}/monitor',
2721 method => 'POST',
2722 protected => 1,
2723 proxyto => 'node',
2724 description => "Execute Qemu monitor commands.",
2725 permissions => {
2726 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2727 },
2728 parameters => {
2729 additionalProperties => 0,
2730 properties => {
2731 node => get_standard_option('pve-node'),
2732 vmid => get_standard_option('pve-vmid'),
2733 command => {
2734 type => 'string',
2735 description => "The monitor command.",
2736 }
2737 },
2738 },
2739 returns => { type => 'string'},
2740 code => sub {
2741 my ($param) = @_;
2742
2743 my $vmid = $param->{vmid};
2744
2745 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2746
2747 my $res = '';
2748 eval {
2749 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2750 };
2751 $res = "ERROR: $@" if $@;
2752
2753 return $res;
2754 }});
2755
2756 __PACKAGE__->register_method({
2757 name => 'resize_vm',
2758 path => '{vmid}/resize',
2759 method => 'PUT',
2760 protected => 1,
2761 proxyto => 'node',
2762 description => "Extend volume size.",
2763 permissions => {
2764 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2765 },
2766 parameters => {
2767 additionalProperties => 0,
2768 properties => {
2769 node => get_standard_option('pve-node'),
2770 vmid => get_standard_option('pve-vmid'),
2771 skiplock => get_standard_option('skiplock'),
2772 disk => {
2773 type => 'string',
2774 description => "The disk you want to resize.",
2775 enum => [PVE::QemuServer::disknames()],
2776 },
2777 size => {
2778 type => 'string',
2779 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2780 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2781 },
2782 digest => {
2783 type => 'string',
2784 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2785 maxLength => 40,
2786 optional => 1,
2787 },
2788 },
2789 },
2790 returns => { type => 'null'},
2791 code => sub {
2792 my ($param) = @_;
2793
2794 my $rpcenv = PVE::RPCEnvironment::get();
2795
2796 my $authuser = $rpcenv->get_user();
2797
2798 my $node = extract_param($param, 'node');
2799
2800 my $vmid = extract_param($param, 'vmid');
2801
2802 my $digest = extract_param($param, 'digest');
2803
2804 my $disk = extract_param($param, 'disk');
2805
2806 my $sizestr = extract_param($param, 'size');
2807
2808 my $skiplock = extract_param($param, 'skiplock');
2809 raise_param_exc({ skiplock => "Only root may use this option." })
2810 if $skiplock && $authuser ne 'root@pam';
2811
2812 my $storecfg = PVE::Storage::config();
2813
2814 my $updatefn = sub {
2815
2816 my $conf = PVE::QemuServer::load_config($vmid);
2817
2818 die "checksum missmatch (file change by other user?)\n"
2819 if $digest && $digest ne $conf->{digest};
2820 PVE::QemuServer::check_lock($conf) if !$skiplock;
2821
2822 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2823
2824 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2825
2826 my $volid = $drive->{file};
2827
2828 die "disk '$disk' has no associated volume\n" if !$volid;
2829
2830 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2831
2832 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2833
2834 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2835
2836 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2837
2838 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2839 my ($ext, $newsize, $unit) = ($1, $2, $4);
2840 if ($unit) {
2841 if ($unit eq 'K') {
2842 $newsize = $newsize * 1024;
2843 } elsif ($unit eq 'M') {
2844 $newsize = $newsize * 1024 * 1024;
2845 } elsif ($unit eq 'G') {
2846 $newsize = $newsize * 1024 * 1024 * 1024;
2847 } elsif ($unit eq 'T') {
2848 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2849 }
2850 }
2851 $newsize += $size if $ext;
2852 $newsize = int($newsize);
2853
2854 die "unable to skrink disk size\n" if $newsize < $size;
2855
2856 return if $size == $newsize;
2857
2858 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2859
2860 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2861
2862 $drive->{size} = $newsize;
2863 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2864
2865 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2866 };
2867
2868 PVE::QemuServer::lock_config($vmid, $updatefn);
2869 return undef;
2870 }});
2871
2872 __PACKAGE__->register_method({
2873 name => 'snapshot_list',
2874 path => '{vmid}/snapshot',
2875 method => 'GET',
2876 description => "List all snapshots.",
2877 permissions => {
2878 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2879 },
2880 proxyto => 'node',
2881 protected => 1, # qemu pid files are only readable by root
2882 parameters => {
2883 additionalProperties => 0,
2884 properties => {
2885 vmid => get_standard_option('pve-vmid'),
2886 node => get_standard_option('pve-node'),
2887 },
2888 },
2889 returns => {
2890 type => 'array',
2891 items => {
2892 type => "object",
2893 properties => {},
2894 },
2895 links => [ { rel => 'child', href => "{name}" } ],
2896 },
2897 code => sub {
2898 my ($param) = @_;
2899
2900 my $vmid = $param->{vmid};
2901
2902 my $conf = PVE::QemuServer::load_config($vmid);
2903 my $snaphash = $conf->{snapshots} || {};
2904
2905 my $res = [];
2906
2907 foreach my $name (keys %$snaphash) {
2908 my $d = $snaphash->{$name};
2909 my $item = {
2910 name => $name,
2911 snaptime => $d->{snaptime} || 0,
2912 vmstate => $d->{vmstate} ? 1 : 0,
2913 description => $d->{description} || '',
2914 };
2915 $item->{parent} = $d->{parent} if $d->{parent};
2916 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2917 push @$res, $item;
2918 }
2919
2920 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2921 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2922 $current->{parent} = $conf->{parent} if $conf->{parent};
2923
2924 push @$res, $current;
2925
2926 return $res;
2927 }});
2928
2929 __PACKAGE__->register_method({
2930 name => 'snapshot',
2931 path => '{vmid}/snapshot',
2932 method => 'POST',
2933 protected => 1,
2934 proxyto => 'node',
2935 description => "Snapshot a VM.",
2936 permissions => {
2937 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2938 },
2939 parameters => {
2940 additionalProperties => 0,
2941 properties => {
2942 node => get_standard_option('pve-node'),
2943 vmid => get_standard_option('pve-vmid'),
2944 snapname => get_standard_option('pve-snapshot-name'),
2945 vmstate => {
2946 optional => 1,
2947 type => 'boolean',
2948 description => "Save the vmstate",
2949 },
2950 description => {
2951 optional => 1,
2952 type => 'string',
2953 description => "A textual description or comment.",
2954 },
2955 },
2956 },
2957 returns => {
2958 type => 'string',
2959 description => "the task ID.",
2960 },
2961 code => sub {
2962 my ($param) = @_;
2963
2964 my $rpcenv = PVE::RPCEnvironment::get();
2965
2966 my $authuser = $rpcenv->get_user();
2967
2968 my $node = extract_param($param, 'node');
2969
2970 my $vmid = extract_param($param, 'vmid');
2971
2972 my $snapname = extract_param($param, 'snapname');
2973
2974 die "unable to use snapshot name 'current' (reserved name)\n"
2975 if $snapname eq 'current';
2976
2977 my $realcmd = sub {
2978 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2979 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2980 $param->{description});
2981 };
2982
2983 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2984 }});
2985
2986 __PACKAGE__->register_method({
2987 name => 'snapshot_cmd_idx',
2988 path => '{vmid}/snapshot/{snapname}',
2989 description => '',
2990 method => 'GET',
2991 permissions => {
2992 user => 'all',
2993 },
2994 parameters => {
2995 additionalProperties => 0,
2996 properties => {
2997 vmid => get_standard_option('pve-vmid'),
2998 node => get_standard_option('pve-node'),
2999 snapname => get_standard_option('pve-snapshot-name'),
3000 },
3001 },
3002 returns => {
3003 type => 'array',
3004 items => {
3005 type => "object",
3006 properties => {},
3007 },
3008 links => [ { rel => 'child', href => "{cmd}" } ],
3009 },
3010 code => sub {
3011 my ($param) = @_;
3012
3013 my $res = [];
3014
3015 push @$res, { cmd => 'rollback' };
3016 push @$res, { cmd => 'config' };
3017
3018 return $res;
3019 }});
3020
3021 __PACKAGE__->register_method({
3022 name => 'update_snapshot_config',
3023 path => '{vmid}/snapshot/{snapname}/config',
3024 method => 'PUT',
3025 protected => 1,
3026 proxyto => 'node',
3027 description => "Update snapshot metadata.",
3028 permissions => {
3029 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3030 },
3031 parameters => {
3032 additionalProperties => 0,
3033 properties => {
3034 node => get_standard_option('pve-node'),
3035 vmid => get_standard_option('pve-vmid'),
3036 snapname => get_standard_option('pve-snapshot-name'),
3037 description => {
3038 optional => 1,
3039 type => 'string',
3040 description => "A textual description or comment.",
3041 },
3042 },
3043 },
3044 returns => { type => 'null' },
3045 code => sub {
3046 my ($param) = @_;
3047
3048 my $rpcenv = PVE::RPCEnvironment::get();
3049
3050 my $authuser = $rpcenv->get_user();
3051
3052 my $vmid = extract_param($param, 'vmid');
3053
3054 my $snapname = extract_param($param, 'snapname');
3055
3056 return undef if !defined($param->{description});
3057
3058 my $updatefn = sub {
3059
3060 my $conf = PVE::QemuServer::load_config($vmid);
3061
3062 PVE::QemuServer::check_lock($conf);
3063
3064 my $snap = $conf->{snapshots}->{$snapname};
3065
3066 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3067
3068 $snap->{description} = $param->{description} if defined($param->{description});
3069
3070 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3071 };
3072
3073 PVE::QemuServer::lock_config($vmid, $updatefn);
3074
3075 return undef;
3076 }});
3077
3078 __PACKAGE__->register_method({
3079 name => 'get_snapshot_config',
3080 path => '{vmid}/snapshot/{snapname}/config',
3081 method => 'GET',
3082 proxyto => 'node',
3083 description => "Get snapshot configuration",
3084 permissions => {
3085 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3086 },
3087 parameters => {
3088 additionalProperties => 0,
3089 properties => {
3090 node => get_standard_option('pve-node'),
3091 vmid => get_standard_option('pve-vmid'),
3092 snapname => get_standard_option('pve-snapshot-name'),
3093 },
3094 },
3095 returns => { type => "object" },
3096 code => sub {
3097 my ($param) = @_;
3098
3099 my $rpcenv = PVE::RPCEnvironment::get();
3100
3101 my $authuser = $rpcenv->get_user();
3102
3103 my $vmid = extract_param($param, 'vmid');
3104
3105 my $snapname = extract_param($param, 'snapname');
3106
3107 my $conf = PVE::QemuServer::load_config($vmid);
3108
3109 my $snap = $conf->{snapshots}->{$snapname};
3110
3111 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3112
3113 return $snap;
3114 }});
3115
3116 __PACKAGE__->register_method({
3117 name => 'rollback',
3118 path => '{vmid}/snapshot/{snapname}/rollback',
3119 method => 'POST',
3120 protected => 1,
3121 proxyto => 'node',
3122 description => "Rollback VM state to specified snapshot.",
3123 permissions => {
3124 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3125 },
3126 parameters => {
3127 additionalProperties => 0,
3128 properties => {
3129 node => get_standard_option('pve-node'),
3130 vmid => get_standard_option('pve-vmid'),
3131 snapname => get_standard_option('pve-snapshot-name'),
3132 },
3133 },
3134 returns => {
3135 type => 'string',
3136 description => "the task ID.",
3137 },
3138 code => sub {
3139 my ($param) = @_;
3140
3141 my $rpcenv = PVE::RPCEnvironment::get();
3142
3143 my $authuser = $rpcenv->get_user();
3144
3145 my $node = extract_param($param, 'node');
3146
3147 my $vmid = extract_param($param, 'vmid');
3148
3149 my $snapname = extract_param($param, 'snapname');
3150
3151 my $realcmd = sub {
3152 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3153 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3154 };
3155
3156 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3157 }});
3158
3159 __PACKAGE__->register_method({
3160 name => 'delsnapshot',
3161 path => '{vmid}/snapshot/{snapname}',
3162 method => 'DELETE',
3163 protected => 1,
3164 proxyto => 'node',
3165 description => "Delete a VM snapshot.",
3166 permissions => {
3167 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3168 },
3169 parameters => {
3170 additionalProperties => 0,
3171 properties => {
3172 node => get_standard_option('pve-node'),
3173 vmid => get_standard_option('pve-vmid'),
3174 snapname => get_standard_option('pve-snapshot-name'),
3175 force => {
3176 optional => 1,
3177 type => 'boolean',
3178 description => "For removal from config file, even if removing disk snapshots fails.",
3179 },
3180 },
3181 },
3182 returns => {
3183 type => 'string',
3184 description => "the task ID.",
3185 },
3186 code => sub {
3187 my ($param) = @_;
3188
3189 my $rpcenv = PVE::RPCEnvironment::get();
3190
3191 my $authuser = $rpcenv->get_user();
3192
3193 my $node = extract_param($param, 'node');
3194
3195 my $vmid = extract_param($param, 'vmid');
3196
3197 my $snapname = extract_param($param, 'snapname');
3198
3199 my $realcmd = sub {
3200 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3201 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3202 };
3203
3204 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3205 }});
3206
3207 __PACKAGE__->register_method({
3208 name => 'template',
3209 path => '{vmid}/template',
3210 method => 'POST',
3211 protected => 1,
3212 proxyto => 'node',
3213 description => "Create a Template.",
3214 permissions => {
3215 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3216 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3217 },
3218 parameters => {
3219 additionalProperties => 0,
3220 properties => {
3221 node => get_standard_option('pve-node'),
3222 vmid => get_standard_option('pve-vmid'),
3223 disk => {
3224 optional => 1,
3225 type => 'string',
3226 description => "If you want to convert only 1 disk to base image.",
3227 enum => [PVE::QemuServer::disknames()],
3228 },
3229
3230 },
3231 },
3232 returns => { type => 'null'},
3233 code => sub {
3234 my ($param) = @_;
3235
3236 my $rpcenv = PVE::RPCEnvironment::get();
3237
3238 my $authuser = $rpcenv->get_user();
3239
3240 my $node = extract_param($param, 'node');
3241
3242 my $vmid = extract_param($param, 'vmid');
3243
3244 my $disk = extract_param($param, 'disk');
3245
3246 my $updatefn = sub {
3247
3248 my $conf = PVE::QemuServer::load_config($vmid);
3249
3250 PVE::QemuServer::check_lock($conf);
3251
3252 die "unable to create template, because VM contains snapshots\n"
3253 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3254
3255 die "you can't convert a template to a template\n"
3256 if PVE::QemuServer::is_template($conf) && !$disk;
3257
3258 die "you can't convert a VM to template if VM is running\n"
3259 if PVE::QemuServer::check_running($vmid);
3260
3261 my $realcmd = sub {
3262 PVE::QemuServer::template_create($vmid, $conf, $disk);
3263 };
3264
3265 $conf->{template} = 1;
3266 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3267
3268 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3269 };
3270
3271 PVE::QemuServer::lock_config($vmid, $updatefn);
3272 return undef;
3273 }});
3274
3275 1;
Virtual Machine Manager