1 package PVE
::API2
::Qemu
;
7 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);;
9 use PVE
::Tools
qw(extract_param);
10 use PVE
::Exception
qw(raise raise_param_exc);
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use PVE
::RPCEnvironment
;
17 use PVE
::AccessControl
;
20 use Data
::Dumper
; # fixme: remove
22 use base
qw(PVE::RESTHandler);
24 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
26 my $resolve_cdrom_alias = sub {
29 if (my $value = $param->{cdrom
}) {
30 $value .= ",media=cdrom" if $value !~ m/media=/;
31 $param->{ide2
} = $value;
32 delete $param->{cdrom
};
36 my $check_volume_access = sub {
37 my ($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool) = @_;
40 if (my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1)) {
41 my ($ownervm, $vtype);
42 ($path, $ownervm, $vtype) = PVE
::Storage
::path
($storecfg, $volid);
43 if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
44 # we simply allow access
45 } elsif (!$ownervm || ($ownervm != $vmid)) {
46 # allow if we are Datastore administrator
47 $rpcenv->check_storage_perm($authuser, $vmid, $pool, $sid, [ 'Datastore.Allocate' ]);
50 die "Only root can pass arbitrary filesystem paths."
51 if $authuser ne 'root@pam';
53 $path = abs_path
($volid);
58 my $check_storage_access = sub {
59 my ($rpcenv, $authuser, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
61 PVE
::QemuServer
::foreach_drive
($settings, sub {
62 my ($ds, $drive) = @_;
64 my $isCDROM = PVE
::QemuServer
::drive_is_cdrom
($drive);
66 my $volid = $drive->{file
};
68 if (!$volid || $volid eq 'none') {
70 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
71 my ($storeid, $size) = ($2 || $default_storage, $3);
72 die "no storage ID specified (and no default storage)\n" if !$storeid;
73 $rpcenv->check_storage_perm($authuser, $vmid, $pool, $storeid, [ 'Datastore.AllocateSpace' ]);
75 my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool);
76 die "image '$path' does not exists\n" if (!(-f
$path || -b
$path));
81 # Note: $pool is only needed when creating a VM, because pool permissions
82 # are automatically inherited if VM already exists inside a pool.
83 my $create_disks = sub {
84 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
89 PVE
::QemuServer
::foreach_drive
($settings, sub {
92 my $volid = $disk->{file
};
94 if (!$volid || $volid eq 'none') {
95 $res->{$ds} = $settings->{$ds};
96 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
97 my ($storeid, $size) = ($2 || $default_storage, $3);
98 die "no storage ID specified (and no default storage)\n" if !$storeid;
99 my $defformat = PVE
::Storage
::storage_default_format
($storecfg, $storeid);
100 my $fmt = $disk->{format
} || $defformat;
101 my $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storeid, $vmid,
102 $fmt, undef, $size*1024*1024);
103 $disk->{file
} = $volid;
104 push @$vollist, $volid;
105 delete $disk->{format
}; # no longer needed
106 $res->{$ds} = PVE
::QemuServer
::print_drive
($vmid, $disk);
108 my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool);
109 die "image '$path' does not exists\n" if (!(-f
$path || -b
$path));
110 $res->{$ds} = $settings->{$ds};
114 # free allocated images on error
116 syslog
('err', "VM $vmid creating disks failed");
117 foreach my $volid (@$vollist) {
118 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
124 # modify vm config if everything went well
125 foreach my $ds (keys %$res) {
126 $conf->{$ds} = $res->{$ds};
132 my $check_vm_modify_config_perm = sub {
133 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
135 return 1 if $authuser ne 'root@pam';
137 foreach my $opt (@$key_list) {
138 # disk checks need to be done somewhere else
139 next if PVE
::QemuServer
::valid_drivename
($opt);
141 if ($opt eq 'sockets' || $opt eq 'cores' ||
142 $opt eq 'cpu' || $opt eq 'smp' ||
143 $opt eq 'cpuimit' || $opt eq 'cpuunits') {
144 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
145 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
146 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
147 } elsif ($opt eq 'memory' || $opt eq 'balloon') {
148 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
149 } elsif ($opt eq 'args' || $opt eq 'lock') {
150 die "only root can set '$opt' config\n";
151 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' ||
152 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet') {
153 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
154 } elsif ($opt =~ m/^net\d+$/) {
155 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
157 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
164 __PACKAGE__-
>register_method({
168 description
=> "Virtual machine index (per node).",
170 description
=> "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
174 protected
=> 1, # qemu pid files are only readable by root
176 additionalProperties
=> 0,
178 node
=> get_standard_option
('pve-node'),
187 links
=> [ { rel
=> 'child', href
=> "{vmid}" } ],
192 my $rpcenv = PVE
::RPCEnvironment
::get
();
193 my $authuser = $rpcenv->get_user();
195 my $vmstatus = PVE
::QemuServer
::vmstatus
();
198 foreach my $vmid (keys %$vmstatus) {
199 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
201 my $data = $vmstatus->{$vmid};
202 $data->{vmid
} = $vmid;
209 __PACKAGE__-
>register_method({
213 description
=> "Create or restore a virtual machine.",
215 description
=> "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
217 [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
218 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param
=> 'pool'],
224 additionalProperties
=> 0,
225 properties
=> PVE
::QemuServer
::json_config_properties
(
227 node
=> get_standard_option
('pve-node'),
228 vmid
=> get_standard_option
('pve-vmid'),
230 description
=> "The backup file.",
235 storage
=> get_standard_option
('pve-storage-id', {
236 description
=> "Default storage.",
242 description
=> "Allow to overwrite existing VM.",
243 requires
=> 'archive',
248 description
=> "Assign a unique random ethernet address.",
249 requires
=> 'archive',
253 type
=> 'string', format
=> 'pve-poolid',
254 description
=> "Add the VM to the specified pool.",
264 my $rpcenv = PVE
::RPCEnvironment
::get
();
266 my $authuser = $rpcenv->get_user();
268 my $node = extract_param
($param, 'node');
270 my $vmid = extract_param
($param, 'vmid');
272 my $archive = extract_param
($param, 'archive');
274 my $storage = extract_param
($param, 'storage');
276 my $force = extract_param
($param, 'force');
278 my $unique = extract_param
($param, 'unique');
280 my $pool = extract_param
($param, 'pool');
282 my $filename = PVE
::QemuServer
::config_file
($vmid);
284 my $storecfg = PVE
::Storage
::config
();
286 PVE
::Cluster
::check_cfs_quorum
();
288 if (defined($pool)) {
289 $rpcenv->check_pool_exist($pool);
290 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
293 $rpcenv->check_storage_perm($authuser, $vmid, $pool, $storage, [ 'Datastore.AllocateSpace' ])
294 if defined($storage);
297 &$resolve_cdrom_alias($param);
299 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $pool, $param, $storage);
301 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
303 foreach my $opt (keys %$param) {
304 if (PVE
::QemuServer
::valid_drivename
($opt)) {
305 my $drive = PVE
::QemuServer
::parse_drive
($opt, $param->{$opt});
306 raise_param_exc
({ $opt => "unable to parse drive options" }) if !$drive;
308 PVE
::QemuServer
::cleanup_drive_path
($opt, $storecfg, $drive);
309 $param->{$opt} = PVE
::QemuServer
::print_drive
($vmid, $drive);
313 PVE
::QemuServer
::add_random_macs
($param);
315 my $keystr = join(' ', keys %$param);
316 raise_param_exc
({ archive
=> "option conflicts with other options ($keystr)"}) if $keystr;
318 if ($archive eq '-') {
319 die "pipe requires cli environment\n"
320 && $rpcenv->{type
} ne 'cli';
322 my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive, $pool);
323 die "can't find archive file '$archive'\n" if !($path && -f
$path);
328 my $addVMtoPoolFn = sub {
329 my $usercfg = cfs_read_file
("user.cfg");
330 if (my $data = $usercfg->{pools
}->{$pool}) {
331 $data->{vms
}->{$vmid} = 1;
332 $usercfg->{vms
}->{$vmid} = $pool;
333 cfs_write_file
("user.cfg", $usercfg);
337 my $restorefn = sub {
340 die "unable to restore vm $vmid: config file already exists\n"
343 die "unable to restore vm $vmid: vm is running\n"
344 if PVE
::QemuServer
::check_running
($vmid);
346 # destroy existing data - keep empty config
347 PVE
::QemuServer
::destroy_vm
($storecfg, $vmid, 1);
351 PVE
::QemuServer
::restore_archive
($archive, $vmid, $authuser, {
354 unique
=> $unique });
356 PVE
::AccessControl
::lock_user_config
($addVMtoPoolFn, "can't add VM to pool") if $pool;
359 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
364 # second test (after locking test is accurate)
365 die "unable to create vm $vmid: config file already exists\n"
376 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
378 # try to be smart about bootdisk
379 my @disks = PVE
::QemuServer
::disknames
();
381 foreach my $ds (reverse @disks) {
382 next if !$conf->{$ds};
383 my $disk = PVE
::QemuServer
::parse_drive
($ds, $conf->{$ds});
384 next if PVE
::QemuServer
::drive_is_cdrom
($disk);
388 if (!$conf->{bootdisk
} && $firstdisk) {
389 $conf->{bootdisk
} = $firstdisk;
392 PVE
::QemuServer
::update_config_nolock
($vmid, $conf);
398 foreach my $volid (@$vollist) {
399 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
402 die "create failed - $err";
405 PVE
::AccessControl
::lock_user_config
($addVMtoPoolFn, "can't add VM to pool") if $pool;
408 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
411 return PVE
::QemuServer
::lock_config
($vmid, $archive ?
$restorefn : $createfn);
414 __PACKAGE__-
>register_method({
419 description
=> "Directory index",
424 additionalProperties
=> 0,
426 node
=> get_standard_option
('pve-node'),
427 vmid
=> get_standard_option
('pve-vmid'),
435 subdir
=> { type
=> 'string' },
438 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
444 { subdir
=> 'config' },
445 { subdir
=> 'status' },
446 { subdir
=> 'unlink' },
447 { subdir
=> 'vncproxy' },
448 { subdir
=> 'migrate' },
450 { subdir
=> 'rrddata' },
451 { subdir
=> 'monitor' },
457 __PACKAGE__-
>register_method({
459 path
=> '{vmid}/rrd',
461 protected
=> 1, # fixme: can we avoid that?
463 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
465 description
=> "Read VM RRD statistics (returns PNG)",
467 additionalProperties
=> 0,
469 node
=> get_standard_option
('pve-node'),
470 vmid
=> get_standard_option
('pve-vmid'),
472 description
=> "Specify the time frame you are interested in.",
474 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
477 description
=> "The list of datasources you want to display.",
478 type
=> 'string', format
=> 'pve-configid-list',
481 description
=> "The RRD consolidation function",
483 enum
=> [ 'AVERAGE', 'MAX' ],
491 filename
=> { type
=> 'string' },
497 return PVE
::Cluster
::create_rrd_graph
(
498 "pve2-vm/$param->{vmid}", $param->{timeframe
},
499 $param->{ds
}, $param->{cf
});
503 __PACKAGE__-
>register_method({
505 path
=> '{vmid}/rrddata',
507 protected
=> 1, # fixme: can we avoid that?
509 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
511 description
=> "Read VM RRD statistics",
513 additionalProperties
=> 0,
515 node
=> get_standard_option
('pve-node'),
516 vmid
=> get_standard_option
('pve-vmid'),
518 description
=> "Specify the time frame you are interested in.",
520 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
523 description
=> "The RRD consolidation function",
525 enum
=> [ 'AVERAGE', 'MAX' ],
540 return PVE
::Cluster
::create_rrd_data
(
541 "pve2-vm/$param->{vmid}", $param->{timeframe
}, $param->{cf
});
545 __PACKAGE__-
>register_method({
547 path
=> '{vmid}/config',
550 description
=> "Get virtual machine configuration.",
552 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
555 additionalProperties
=> 0,
557 node
=> get_standard_option
('pve-node'),
558 vmid
=> get_standard_option
('pve-vmid'),
566 description
=> 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
573 my $conf = PVE
::QemuServer
::load_config
($param->{vmid
});
578 my $vm_is_volid_owner = sub {
579 my ($storecfg, $vmid, $volid) =@_;
581 if ($volid !~ m
|^/|) {
583 eval { ($path, $owner) = PVE
::Storage
::path
($storecfg, $volid); };
584 if ($owner && ($owner == $vmid)) {
592 my $test_deallocate_drive = sub {
593 my ($storecfg, $vmid, $key, $drive, $force) = @_;
595 if (!PVE
::QemuServer
::drive_is_cdrom
($drive)) {
596 my $volid = $drive->{file
};
597 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
598 if ($force || $key =~ m/^unused/) {
599 my $sid = PVE
::Storage
::parse_volume_id
($volid);
608 my $delete_drive = sub {
609 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
611 if (!PVE
::QemuServer
::drive_is_cdrom
($drive)) {
612 my $volid = $drive->{file
};
613 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
614 if ($force || $key =~ m/^unused/) {
615 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
618 PVE
::QemuServer
::add_unused_volume
($conf, $volid, $vmid);
620 delete $conf->{$key};
625 my $vmconfig_delete_option = sub {
626 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
628 return if !defined($conf->{$opt});
630 my $isDisk = PVE
::QemuServer
::valid_drivename
($opt)|| ($opt =~ m/^unused/);
633 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
635 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
636 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
637 $rpcenv->check_storage_perm($authuser, $vmid, undef, $sid, [ 'Datastore.Allocate' ]);
641 die "error hot-unplug $opt" if !PVE
::QemuServer
::vm_deviceunplug
($vmid, $conf, $opt);
644 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
645 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
647 delete $conf->{$opt};
650 PVE
::QemuServer
::update_config_nolock
($vmid, $conf, 1);
653 my $vmconfig_update_disk = sub {
654 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
656 my $drive = PVE
::QemuServer
::parse_drive
($opt, $value);
658 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) { #cdrom
659 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
661 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
666 if (my $old_drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt})) {
668 my $media = $drive->{media
} || 'disk';
669 my $oldmedia = $old_drive->{media
} || 'disk';
670 die "unable to change media type\n" if $media ne $oldmedia;
672 if (!PVE
::QemuServer
::drive_is_cdrom
($old_drive) &&
673 ($drive->{file
} ne $old_drive->{file
})) { # delete old disks
675 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
676 $conf = PVE
::QemuServer
::load_config
($vmid); # update/reload
681 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
682 PVE
::QemuServer
::update_config_nolock
($vmid, $conf, 1);
684 $conf = PVE
::QemuServer
::load_config
($vmid); # update/reload
685 $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
687 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) { # cdrom
689 if (PVE
::QemuServer
::check_running
($vmid)) {
690 if ($drive->{file
} eq 'none') {
691 PVE
::QemuServer
::vm_monitor_command
($vmid, "eject -f drive-$opt", 0);
693 my $path = PVE
::QemuServer
::get_iso_path
($storecfg, $vmid, $drive->{file
});
694 PVE
::QemuServer
::vm_monitor_command
($vmid, "eject -f drive-$opt", 0); #force eject if locked
695 PVE
::QemuServer
::vm_monitor_command
($vmid, "change drive-$opt \"$path\"", 0) if $path;
699 } else { # hotplug new disks
701 die "error hotplug
$opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
705 my $vmconfig_update_net = sub {
706 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value) = @_;
709 #if online update, then unplug first
710 die "error hot-unplug
$opt for update
" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
713 $conf->{$opt} = $value;
714 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
715 $conf = PVE::QemuServer::load_config($vmid); # update/reload
717 my $net = PVE::QemuServer::parse_net($conf->{$opt});
719 die "error hotplug
$opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $net);
722 my $vm_config_perm_list = [
732 __PACKAGE__->register_method({
734 path => '{vmid}/config',
738 description => "Set virtual machine options
.",
740 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
743 additionalProperties => 0,
744 properties => PVE::QemuServer::json_config_properties(
746 node => get_standard_option('pve-node'),
747 vmid => get_standard_option('pve-vmid'),
748 skiplock => get_standard_option('skiplock'),
750 type => 'string', format => 'pve-configid-list',
751 description => "A list of settings you want to
delete.",
756 description => $opt_force_description,
758 requires => 'delete',
762 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
768 returns => { type => 'null'},
772 my $rpcenv = PVE::RPCEnvironment::get();
774 my $authuser = $rpcenv->get_user();
776 my $node = extract_param($param, 'node');
778 my $vmid = extract_param($param, 'vmid');
780 my $digest = extract_param($param, 'digest');
782 my @paramarr = (); # used for log message
783 foreach my $key (keys %$param) {
784 push @paramarr, "-$key", $param->{$key};
787 my $skiplock = extract_param($param, 'skiplock');
788 raise_param_exc({ skiplock => "Only root may
use this option
." })
789 if $skiplock && $authuser ne 'root@pam';
791 my $delete_str = extract_param($param, 'delete');
793 my $force = extract_param($param, 'force');
795 die "no options specified
\n" if !$delete_str && !scalar(keys %$param);
797 my $storecfg = PVE::Storage::config();
799 &$resolve_cdrom_alias($param);
801 # now try to verify all parameters
804 foreach my $opt (PVE::Tools::split_list($delete_str)) {
805 $opt = 'ide2' if $opt eq 'cdrom';
806 raise_param_exc({ delete => "you can
't use '-$opt' and " .
807 "-delete $opt' at the same
time" })
808 if defined($param->{$opt});
810 if (!PVE::QemuServer::option_exists($opt)) {
811 raise_param_exc({ delete => "unknown option
'$opt'" });
817 foreach my $opt (keys %$param) {
818 if (PVE::QemuServer::valid_drivename($opt)) {
820 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
821 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
822 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
823 } elsif ($opt =~ m/^net(\d+)$/) {
825 my $net = PVE::QemuServer::parse_net($param->{$opt});
826 $param->{$opt} = PVE::QemuServer::print_net($net);
830 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
832 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
834 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, undef, $param);
838 my $conf = PVE::QemuServer::load_config($vmid);
840 die "checksum missmatch
(file change by other user?
)\n"
841 if $digest && $digest ne $conf->{digest};
843 PVE::QemuServer::check_lock($conf) if !$skiplock;
845 PVE::Cluster::log_msg('info', $authuser, "update VM
$vmid: " . join (' ', @paramarr));
847 foreach my $opt (@delete) { # delete
848 $conf = PVE::QemuServer::load_config($vmid); # update/reload
849 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
852 foreach my $opt (keys %$param) { # add/change
854 $conf = PVE::QemuServer::load_config($vmid); # update/reload
856 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
858 if (PVE::QemuServer::valid_drivename($opt)) {
860 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
861 $opt, $param->{$opt}, $force);
863 } elsif ($opt =~ m/^net(\d+)$/) { #nics
865 &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
866 $opt, $param->{$opt});
870 $conf->{$opt} = $param->{$opt};
871 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
876 PVE::QemuServer::lock_config($vmid, $updatefn);
882 __PACKAGE__->register_method({
883 name => 'destroy_vm',
888 description => "Destroy the vm
(also
delete all used
/owned volumes
).",
890 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
893 additionalProperties => 0,
895 node => get_standard_option('pve-node'),
896 vmid => get_standard_option('pve-vmid'),
897 skiplock => get_standard_option('skiplock'),
906 my $rpcenv = PVE::RPCEnvironment::get();
908 my $authuser = $rpcenv->get_user();
910 my $vmid = $param->{vmid};
912 my $skiplock = $param->{skiplock};
913 raise_param_exc({ skiplock => "Only root may
use this option
." })
914 if $skiplock && $authuser ne 'root@pam';
917 my $conf = PVE::QemuServer::load_config($vmid);
919 my $storecfg = PVE::Storage::config();
921 my $delVMfromPoolFn = sub {
922 my $usercfg = cfs_read_file("user
.cfg
");
923 my $pool = $usercfg->{vms}->{$vmid};
924 if (my $data = $usercfg->{pools}->{$pool}) {
925 delete $data->{vms}->{$vmid};
926 delete $usercfg->{vms}->{$vmid};
927 cfs_write_file("user
.cfg
", $usercfg);
934 syslog('info', "destroy VM
$vmid: $upid\n");
936 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
938 PVE::AccessControl::lock_user_config($delVMfromPoolFn, "pool cleanup failed
");
941 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
944 __PACKAGE__->register_method({
946 path => '{vmid}/unlink',
950 description => "Unlink
/delete disk images
.",
952 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
955 additionalProperties => 0,
957 node => get_standard_option('pve-node'),
958 vmid => get_standard_option('pve-vmid'),
960 type => 'string', format => 'pve-configid-list',
961 description => "A list of disk IDs you want to
delete.",
965 description => $opt_force_description,
970 returns => { type => 'null'},
974 $param->{delete} = extract_param($param, 'idlist');
976 __PACKAGE__->update_vm($param);
983 __PACKAGE__->register_method({
985 path => '{vmid}/vncproxy',
989 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
991 description => "Creates a TCP VNC proxy connections
.",
993 additionalProperties => 0,
995 node => get_standard_option('pve-node'),
996 vmid => get_standard_option('pve-vmid'),
1000 additionalProperties => 0,
1002 user => { type => 'string' },
1003 ticket => { type => 'string' },
1004 cert => { type => 'string' },
1005 port => { type => 'integer' },
1006 upid => { type => 'string' },
1012 my $rpcenv = PVE::RPCEnvironment::get();
1014 my $authuser = $rpcenv->get_user();
1016 my $vmid = $param->{vmid};
1017 my $node = $param->{node};
1019 my $authpath = "/vms/$vmid";
1021 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1023 $sslcert = PVE::Tools::file_get_contents("/etc/pve
/pve-root-ca
.pem
", 8192)
1026 my $port = PVE::Tools::next_vnc_port();
1030 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1031 $remip = PVE::Cluster::remote_node_ip($node);
1034 # NOTE: kvm VNC traffic is already TLS encrypted,
1035 # so we select the fastest chipher here (or 'none'?)
1036 my $remcmd = $remip ? ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
1037 '-c', 'blowfish-cbc', $remip] : [];
1044 syslog('info', "starting vnc proxy
$upid\n");
1046 my $qmcmd = [@$remcmd, "/usr/sbin
/qm
", 'vncproxy', $vmid];
1048 my $qmstr = join(' ', @$qmcmd);
1050 # also redirect stderr (else we get RFB protocol errors)
1051 my $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null
"];
1053 PVE::Tools::run_command($cmd);
1058 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1069 __PACKAGE__->register_method({
1071 path => '{vmid}/status',
1074 description => "Directory
index",
1079 additionalProperties => 0,
1081 node => get_standard_option('pve-node'),
1082 vmid => get_standard_option('pve-vmid'),
1090 subdir => { type => 'string' },
1093 links => [ { rel => 'child', href => "{subdir
}" } ],
1099 my $conf = PVE::QemuServer::load_config($param->{vmid});
1102 { subdir => 'current' },
1103 { subdir => 'start' },
1104 { subdir => 'stop' },
1110 __PACKAGE__->register_method({
1111 name => 'vm_status',
1112 path => '{vmid}/status/current',
1115 protected => 1, # qemu pid files are only readable by root
1116 description => "Get virtual machine status
.",
1118 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1121 additionalProperties => 0,
1123 node => get_standard_option('pve-node'),
1124 vmid => get_standard_option('pve-vmid'),
1127 returns => { type => 'object' },
1132 my $conf = PVE::QemuServer::load_config($param->{vmid});
1134 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid});
1135 my $status = $vmstatus->{$param->{vmid}};
1137 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1138 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $param->{vmid}, 1)) {
1147 __PACKAGE__->register_method({
1149 path => '{vmid}/status/start',
1153 description => "Start virtual machine
.",
1155 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1158 additionalProperties => 0,
1160 node => get_standard_option('pve-node'),
1161 vmid => get_standard_option('pve-vmid'),
1162 skiplock => get_standard_option('skiplock'),
1163 stateuri => get_standard_option('pve-qm-stateuri'),
1172 my $rpcenv = PVE::RPCEnvironment::get();
1174 my $authuser = $rpcenv->get_user();
1176 my $node = extract_param($param, 'node');
1178 my $vmid = extract_param($param, 'vmid');
1180 my $stateuri = extract_param($param, 'stateuri');
1181 raise_param_exc({ stateuri => "Only root may
use this option
." })
1182 if $stateuri && $authuser ne 'root@pam';
1184 my $skiplock = extract_param($param, 'skiplock');
1185 raise_param_exc({ skiplock => "Only root may
use this option
." })
1186 if $skiplock && $authuser ne 'root@pam';
1188 my $storecfg = PVE::Storage::config();
1193 syslog('info', "start VM
$vmid: $upid\n");
1195 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock);
1200 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1203 __PACKAGE__->register_method({
1205 path => '{vmid}/status/stop',
1209 description => "Stop virtual machine
.",
1211 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1214 additionalProperties => 0,
1216 node => get_standard_option('pve-node'),
1217 vmid => get_standard_option('pve-vmid'),
1218 skiplock => get_standard_option('skiplock'),
1220 description => "Wait maximal timeout seconds
.",
1226 description => "Do
not decativate storage volumes
.",
1239 my $rpcenv = PVE::RPCEnvironment::get();
1241 my $authuser = $rpcenv->get_user();
1243 my $node = extract_param($param, 'node');
1245 my $vmid = extract_param($param, 'vmid');
1247 my $skiplock = extract_param($param, 'skiplock');
1248 raise_param_exc({ skiplock => "Only root may
use this option
." })
1249 if $skiplock && $authuser ne 'root@pam';
1251 my $keepActive = extract_param($param, 'keepActive');
1252 raise_param_exc({ keepActive => "Only root may
use this option
." })
1253 if $keepActive && $authuser ne 'root@pam';
1255 my $storecfg = PVE::Storage::config();
1260 syslog('info', "stop VM
$vmid: $upid\n");
1262 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1263 $param->{timeout}, 0, 1, $keepActive);
1268 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1271 __PACKAGE__->register_method({
1273 path => '{vmid}/status/reset',
1277 description => "Reset virtual machine
.",
1279 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1282 additionalProperties => 0,
1284 node => get_standard_option('pve-node'),
1285 vmid => get_standard_option('pve-vmid'),
1286 skiplock => get_standard_option('skiplock'),
1295 my $rpcenv = PVE::RPCEnvironment::get();
1297 my $authuser = $rpcenv->get_user();
1299 my $node = extract_param($param, 'node');
1301 my $vmid = extract_param($param, 'vmid');
1303 my $skiplock = extract_param($param, 'skiplock');
1304 raise_param_exc({ skiplock => "Only root may
use this option
." })
1305 if $skiplock && $authuser ne 'root@pam';
1307 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1312 PVE::QemuServer::vm_reset($vmid, $skiplock);
1317 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1320 __PACKAGE__->register_method({
1321 name => 'vm_shutdown',
1322 path => '{vmid}/status/shutdown',
1326 description => "Shutdown virtual machine
.",
1328 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1331 additionalProperties => 0,
1333 node => get_standard_option('pve-node'),
1334 vmid => get_standard_option('pve-vmid'),
1335 skiplock => get_standard_option('skiplock'),
1337 description => "Wait maximal timeout seconds
.",
1343 description => "Make sure the VM stops
.",
1349 description => "Do
not decativate storage volumes
.",
1362 my $rpcenv = PVE::RPCEnvironment::get();
1364 my $authuser = $rpcenv->get_user();
1366 my $node = extract_param($param, 'node');
1368 my $vmid = extract_param($param, 'vmid');
1370 my $skiplock = extract_param($param, 'skiplock');
1371 raise_param_exc({ skiplock => "Only root may
use this option
." })
1372 if $skiplock && $authuser ne 'root@pam';
1374 my $keepActive = extract_param($param, 'keepActive');
1375 raise_param_exc({ keepActive => "Only root may
use this option
." })
1376 if $keepActive && $authuser ne 'root@pam';
1378 my $storecfg = PVE::Storage::config();
1383 syslog('info', "shutdown VM
$vmid: $upid\n");
1385 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1386 1, $param->{forceStop}, $keepActive);
1391 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1394 __PACKAGE__->register_method({
1395 name => 'vm_suspend',
1396 path => '{vmid}/status/suspend',
1400 description => "Suspend virtual machine
.",
1402 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1405 additionalProperties => 0,
1407 node => get_standard_option('pve-node'),
1408 vmid => get_standard_option('pve-vmid'),
1409 skiplock => get_standard_option('skiplock'),
1418 my $rpcenv = PVE::RPCEnvironment::get();
1420 my $authuser = $rpcenv->get_user();
1422 my $node = extract_param($param, 'node');
1424 my $vmid = extract_param($param, 'vmid');
1426 my $skiplock = extract_param($param, 'skiplock');
1427 raise_param_exc({ skiplock => "Only root may
use this option
." })
1428 if $skiplock && $authuser ne 'root@pam';
1430 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1435 syslog('info', "suspend VM
$vmid: $upid\n");
1437 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1442 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1445 __PACKAGE__->register_method({
1446 name => 'vm_resume',
1447 path => '{vmid}/status/resume',
1451 description => "Resume virtual machine
.",
1453 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1456 additionalProperties => 0,
1458 node => get_standard_option('pve-node'),
1459 vmid => get_standard_option('pve-vmid'),
1460 skiplock => get_standard_option('skiplock'),
1469 my $rpcenv = PVE::RPCEnvironment::get();
1471 my $authuser = $rpcenv->get_user();
1473 my $node = extract_param($param, 'node');
1475 my $vmid = extract_param($param, 'vmid');
1477 my $skiplock = extract_param($param, 'skiplock');
1478 raise_param_exc({ skiplock => "Only root may
use this option
." })
1479 if $skiplock && $authuser ne 'root@pam';
1481 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1486 syslog('info', "resume VM
$vmid: $upid\n");
1488 PVE::QemuServer::vm_resume($vmid, $skiplock);
1493 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1496 __PACKAGE__->register_method({
1497 name => 'vm_sendkey',
1498 path => '{vmid}/sendkey',
1502 description => "Send key event to virtual machine
.",
1504 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1507 additionalProperties => 0,
1509 node => get_standard_option('pve-node'),
1510 vmid => get_standard_option('pve-vmid'),
1511 skiplock => get_standard_option('skiplock'),
1513 description => "The key
(qemu monitor encoding
).",
1518 returns => { type => 'null'},
1522 my $rpcenv = PVE::RPCEnvironment::get();
1524 my $authuser = $rpcenv->get_user();
1526 my $node = extract_param($param, 'node');
1528 my $vmid = extract_param($param, 'vmid');
1530 my $skiplock = extract_param($param, 'skiplock');
1531 raise_param_exc({ skiplock => "Only root may
use this option
." })
1532 if $skiplock && $authuser ne 'root@pam';
1534 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1539 __PACKAGE__->register_method({
1540 name => 'migrate_vm',
1541 path => '{vmid}/migrate',
1545 description => "Migrate virtual machine
. Creates a new migration task
.",
1547 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
1550 additionalProperties => 0,
1552 node => get_standard_option('pve-node'),
1553 vmid => get_standard_option('pve-vmid'),
1554 target => get_standard_option('pve-node', { description => "Target node
." }),
1557 description => "Use online
/live migration
.",
1562 description => "Allow to migrate VMs which
use local devices
. Only root may
use this option
.",
1569 description => "the task ID
.",
1574 my $rpcenv = PVE::RPCEnvironment::get();
1576 my $authuser = $rpcenv->get_user();
1578 my $target = extract_param($param, 'target');
1580 my $localnode = PVE::INotify::nodename();
1581 raise_param_exc({ target => "target
is local node
."}) if $target eq $localnode;
1583 PVE::Cluster::check_cfs_quorum();
1585 PVE::Cluster::check_node_exists($target);
1587 my $targetip = PVE::Cluster::remote_node_ip($target);
1589 my $vmid = extract_param($param, 'vmid');
1591 raise_param_exc({ force => "Only root may
use this option
." })
1592 if $param->{force} && $authuser ne 'root@pam';
1595 my $conf = PVE::QemuServer::load_config($vmid);
1597 # try to detect errors early
1599 PVE::QemuServer::check_lock($conf);
1601 if (PVE::QemuServer::check_running($vmid)) {
1602 die "cant migrate running VM without
--online
\n"
1603 if !$param->{online};
1609 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
1612 my $upid = $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
1617 __PACKAGE__->register_method({
1619 path => '{vmid}/monitor',
1623 description => "Execute Qemu monitor commands
.",
1625 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
1628 additionalProperties => 0,
1630 node => get_standard_option('pve-node'),
1631 vmid => get_standard_option('pve-vmid'),
1634 description => "The monitor command
.",
1638 returns => { type => 'string'},
1642 my $vmid = $param->{vmid};
1644 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
1648 $res = PVE::QemuServer::vm_monitor_command($vmid, $param->{command});
1650 $res = "ERROR
: $@" if $@;