1 package PVE
::API2
::Qemu
;
8 use PVE
::Tools
qw(extract_param);
9 use PVE
::Exception
qw(raise raise_param_exc);
11 use PVE
::JSONSchema
qw(get_standard_option);
15 use PVE
::RPCEnvironment
;
16 use PVE
::AccessControl
;
19 use Data
::Dumper
; # fixme: remove
21 use base
qw(PVE::RESTHandler);
23 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
25 my $resolve_cdrom_alias = sub {
28 if (my $value = $param->{cdrom
}) {
29 $value .= ",media=cdrom" if $value !~ m/media=/;
30 $param->{ide2
} = $value;
31 delete $param->{cdrom
};
35 __PACKAGE__-
>register_method({
39 description
=> "Virtual machine index (per node).",
41 protected
=> 1, # qemu pid files are only readable by root
43 additionalProperties
=> 0,
45 node
=> get_standard_option
('pve-node'),
54 links
=> [ { rel
=> 'child', href
=> "{vmid}" } ],
59 my $vmstatus = PVE
::QemuServer
::vmstatus
();
61 return PVE
::RESTHandler
::hash_to_array
($vmstatus, 'vmid');
65 __PACKAGE__-
>register_method({
69 description
=> "Create new virtual machine.",
73 additionalProperties
=> 0,
74 properties
=> PVE
::QemuServer
::json_config_properties
(
76 node
=> get_standard_option
('pve-node'),
77 vmid
=> get_standard_option
('pve-vmid'),
80 returns
=> { type
=> 'null'},
84 my $node = extract_param
($param, 'node');
88 my $vmid = extract_param
($param, 'vmid');
90 my $filename = PVE
::QemuServer
::config_file
($vmid);
91 # first test (befor locking)
92 die "unable to create vm $vmid: config file already exists\n"
95 my $storecfg = PVE
::Storage
::config
();
97 &$resolve_cdrom_alias($param);
99 foreach my $opt (keys %$param) {
100 if (PVE
::QemuServer
::valid_drivename
($opt)) {
101 my $drive = PVE
::QemuServer
::parse_drive
($opt, $param->{$opt});
102 raise_param_exc
({ $opt => "unable to parse drive options" }) if !$drive;
104 PVE
::QemuServer
::cleanup_drive_path
($opt, $storecfg, $drive);
105 $param->{$opt} = PVE
::QemuServer
::print_drive
($vmid, $drive);
109 PVE
::QemuServer
::add_random_macs
($param);
111 #fixme: ? syslog ('info', "VM $vmid creating new virtual machine");
117 # second test (after locking test is accurate)
118 die "unable to create vm $vmid: config file already exists\n"
121 $vollist = PVE
::QemuServer
::create_disks
($storecfg, $vmid, $param);
123 # try to be smart about bootdisk
124 my @disks = PVE
::QemuServer
::disknames
();
126 foreach my $ds (reverse @disks) {
127 next if !$param->{$ds};
128 my $disk = PVE
::QemuServer
::parse_drive
($ds, $param->{$ds});
129 next if PVE
::QemuServer
::drive_is_cdrom
($disk);
133 if (!$param->{bootdisk
} && $firstdisk) {
134 $param->{bootdisk
} = $firstdisk;
137 PVE
::QemuServer
::create_conf_nolock
($vmid, $param);
140 eval { PVE
::QemuServer
::lock_config
($vmid, $createfn); };
144 foreach my $volid (@$vollist) {
145 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
148 die "create failed - $err";
154 __PACKAGE__-
>register_method({
159 description
=> "Directory index",
161 additionalProperties
=> 0,
163 node
=> get_standard_option
('pve-node'),
164 vmid
=> get_standard_option
('pve-vmid'),
172 subdir
=> { type
=> 'string' },
175 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
181 { subdir
=> 'config' },
182 { subdir
=> 'status' },
183 { subdir
=> 'unlink' },
184 { subdir
=> 'vncproxy' },
185 { subdir
=> 'migrate' },
187 { subdir
=> 'rrddata' },
193 __PACKAGE__-
>register_method({
195 path
=> '{vmid}/rrd',
197 protected
=> 1, # fixme: can we avoid that?
199 path
=> '/vms/{vmid}',
200 privs
=> [ 'VM.Audit' ],
202 description
=> "Read VM RRD statistics (returns PNG)",
204 additionalProperties
=> 0,
206 node
=> get_standard_option
('pve-node'),
207 vmid
=> get_standard_option
('pve-vmid'),
209 description
=> "Specify the time frame you are interested in.",
211 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
214 description
=> "The list of datasources you want to display.",
215 type
=> 'string', format
=> 'pve-configid-list',
218 description
=> "The RRD consolidation function",
220 enum
=> [ 'AVERAGE', 'MAX' ],
228 filename
=> { type
=> 'string' },
234 return PVE
::Cluster
::create_rrd_graph
(
235 "pve2-vm/$param->{vmid}", $param->{timeframe
},
236 $param->{ds
}, $param->{cf
});
240 __PACKAGE__-
>register_method({
242 path
=> '{vmid}/rrddata',
244 protected
=> 1, # fixme: can we avoid that?
246 path
=> '/vms/{vmid}',
247 privs
=> [ 'VM.Audit' ],
249 description
=> "Read VM RRD statistics",
251 additionalProperties
=> 0,
253 node
=> get_standard_option
('pve-node'),
254 vmid
=> get_standard_option
('pve-vmid'),
256 description
=> "Specify the time frame you are interested in.",
258 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
261 description
=> "The RRD consolidation function",
263 enum
=> [ 'AVERAGE', 'MAX' ],
278 return PVE
::Cluster
::create_rrd_data
(
279 "pve2-vm/$param->{vmid}", $param->{timeframe
}, $param->{cf
});
283 __PACKAGE__-
>register_method({
285 path
=> '{vmid}/config',
288 description
=> "Get virtual machine configuration.",
290 additionalProperties
=> 0,
292 node
=> get_standard_option
('pve-node'),
293 vmid
=> get_standard_option
('pve-vmid'),
301 description
=> 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
308 my $conf = PVE
::QemuServer
::load_config
($param->{vmid
});
313 __PACKAGE__-
>register_method({
315 path
=> '{vmid}/config',
319 description
=> "Set virtual machine options.",
321 additionalProperties
=> 0,
322 properties
=> PVE
::QemuServer
::json_config_properties
(
324 node
=> get_standard_option
('pve-node'),
325 vmid
=> get_standard_option
('pve-vmid'),
326 skiplock
=> get_standard_option
('skiplock'),
328 type
=> 'string', format
=> 'pve-configid-list',
329 description
=> "A list of settings you want to delete.",
334 description
=> $opt_force_description,
336 requires
=> 'delete',
340 description
=> 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
346 returns
=> { type
=> 'null'},
350 my $rpcenv = PVE
::RPCEnvironment
::get
();
352 my $user = $rpcenv->get_user();
354 my $node = extract_param
($param, 'node');
356 my $vmid = extract_param
($param, 'vmid');
358 my $skiplock = extract_param
($param, 'skiplock');
359 raise_param_exc
({ skiplock
=> "Only root may use this option." })
360 if $skiplock && $user ne 'root@pam';
362 my $delete = extract_param
($param, 'delete');
363 my $force = extract_param
($param, 'force');
365 die "no options specified\n" if !$delete && !scalar(keys %$param);
367 my $digest = extract_param
($param, 'digest');
369 my $storecfg = PVE
::Storage
::config
();
371 &$resolve_cdrom_alias($param);
376 foreach my $opt (keys %$param) {
377 if (PVE
::QemuServer
::valid_drivename
($opt)) {
378 my $drive = PVE
::QemuServer
::parse_drive
($opt, $param->{$opt});
379 raise_param_exc
({ $opt => "unable to parse drive options" }) if !$drive;
380 if ($drive->{file
} eq 'eject') {
382 delete $param->{$opt};
386 PVE
::QemuServer
::cleanup_drive_path
($opt, $storecfg, $drive);
387 $param->{$opt} = PVE
::QemuServer
::print_drive
($vmid, $drive);
389 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) {
390 $cdchange->{$opt} = PVE
::QemuServer
::get_iso_path
($storecfg, $vmid, $drive->{file
});
395 foreach my $opt (PVE
::Tools
::split_list
($delete)) {
396 $opt = 'ide2' if $opt eq 'cdrom';
397 die "you can't use '-$opt' and '-delete $opt' at the same time\n"
398 if defined($param->{$opt});
401 PVE
::QemuServer
::add_random_macs
($param);
407 my $conf = PVE
::QemuServer
::load_config
($vmid);
409 die "checksum missmatch (file change by other user?)\n"
410 if $digest && $digest ne $conf->{digest
};
412 PVE
::QemuServer
::check_lock
($conf) if !$skiplock;
414 foreach my $opt (keys %$eject) {
416 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
417 $cdchange->{$opt} = undef if PVE
::QemuServer
::drive_is_cdrom
($drive);
419 raise_param_exc
({ $opt => "eject failed - drive does not exist." });
423 foreach my $opt (keys %$param) {
424 next if !PVE
::QemuServer
::valid_drivename
($opt);
425 next if !$conf->{$opt};
426 my $old_drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
427 next if PVE
::QemuServer
::drive_is_cdrom
($old_drive);
428 my $new_drive = PVE
::QemuServer
::parse_drive
($opt, $param->{$opt});
429 if ($new_drive->{file
} ne $old_drive->{file
}) {
431 eval { ($path, $owner) = PVE
::Storage
::path
($storecfg, $old_drive->{file
}); };
432 if ($owner && ($owner == $vmid)) {
433 PVE
::QemuServer
::add_unused_volume
($conf, $param, $old_drive->{file
});
440 foreach my $opt (PVE
::Tools
::split_list
($delete)) {
441 $opt = 'ide2' if $opt eq 'cdrom';
442 if (!PVE
::QemuServer
::option_exists
($opt)) {
443 raise_param_exc
({ delete => "unknown option '$opt'" });
445 next if !defined($conf->{$opt});
446 if (PVE
::QemuServer
::valid_drivename
($opt)) {
447 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
448 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) {
449 $cdchange->{$opt} = undef;
451 my $volid = $drive->{file
};
453 if ($volid !~ m
|^/|) {
455 eval { ($path, $owner) = PVE
::Storage
::path
($storecfg, $volid); };
456 if ($owner && ($owner == $vmid)) {
458 push @$vollist, $volid;
460 PVE
::QemuServer
::add_unused_volume
($conf, $param, $volid);
465 } elsif ($opt =~ m/^unused/) {
466 push @$vollist, $conf->{$opt};
472 PVE
::QemuServer
::create_disks
($storecfg, $vmid, $param);
474 PVE
::QemuServer
::change_config_nolock
($vmid, $param, $unset, 1);
476 return if !PVE
::QemuServer
::check_running
($vmid);
478 foreach my $opt (keys %$cdchange) {
479 my $qdn = PVE
::QemuServer
::qemu_drive_name
($opt, 'cdrom');
480 my $path = $cdchange->{$opt};
481 PVE
::QemuServer
::vm_monitor_command
($vmid, "eject $qdn", 0);
482 PVE
::QemuServer
::vm_monitor_command
($vmid, "change $qdn \"$path\"", 0) if $path;
486 PVE::QemuServer::lock_config($vmid, $updatefn);
488 foreach my $volid (@$vollist) {
489 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
498 __PACKAGE__->register_method({
499 name => 'destroy_vm',
504 description => "Destroy the vm
(also
delete all used
/owned volumes
).",
506 additionalProperties => 0,
508 node => get_standard_option('pve-node'),
509 vmid => get_standard_option('pve-vmid'),
510 skiplock => get_standard_option('skiplock'),
513 returns => { type => 'null' },
517 my $rpcenv = PVE::RPCEnvironment::get();
519 my $user = $rpcenv->get_user();
521 my $vmid = $param->{vmid};
523 my $skiplock = $param->{skiplock};
524 raise_param_exc({ skiplock => "Only root may
use this option
." })
525 if $skiplock && $user ne 'root@pam';
527 my $storecfg = PVE::Storage::config();
529 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
534 __PACKAGE__->register_method({
536 path => '{vmid}/unlink',
540 description => "Unlink
/delete disk images
.",
542 additionalProperties => 0,
544 node => get_standard_option('pve-node'),
545 vmid => get_standard_option('pve-vmid'),
547 type => 'string', format => 'pve-configid-list',
548 description => "A list of disk IDs you want to
delete.",
552 description => $opt_force_description,
557 returns => { type => 'null'},
561 $param->{delete} = extract_param($param, 'idlist');
563 __PACKAGE__->update_vm($param);
570 __PACKAGE__->register_method({
572 path => '{vmid}/vncproxy',
576 path => '/vms/{vmid}',
577 privs => [ 'VM.Console' ],
579 description => "Creates a TCP VNC proxy connections
.",
581 additionalProperties => 0,
583 node => get_standard_option('pve-node'),
584 vmid => get_standard_option('pve-vmid'),
588 additionalProperties => 0,
590 user => { type => 'string' },
591 ticket => { type => 'string' },
592 cert => { type => 'string' },
593 port => { type => 'integer' },
594 upid => { type => 'string' },
600 my $rpcenv = PVE::RPCEnvironment::get();
602 my $user = $rpcenv->get_user();
603 my $ticket = PVE::AccessControl::assemble_ticket($user);
605 my $vmid = $param->{vmid};
606 my $node = $param->{node};
608 $sslcert = PVE::Tools::file_get_contents("/etc/pve
/pve-root-ca
.pem
", 8192)
611 my $port = PVE::Tools::next_vnc_port();
615 if ($node ne PVE::INotify::nodename()) {
616 $remip = PVE::Cluster::remote_node_ip($node);
619 # NOTE: kvm VNC traffic is already TLS encrypted,
620 # so we select the fastest chipher here (or 'none'?)
621 my $remcmd = $remip ? ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
622 '-c', 'blowfish-cbc', $remip] : [];
629 syslog('info', "starting vnc proxy
$upid\n");
631 my $qmcmd = [@$remcmd, "/usr/sbin
/qm
", 'vncproxy', $vmid];
633 my $qmstr = join(' ', @$qmcmd);
635 # also redirect stderr (else we get RFB protocol errors)
636 my @cmd = ('/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null
");
638 my $cmdstr = join(' ', @cmd);
639 syslog('info', "CMD3
: $cmdstr");
641 if (system(@cmd) != 0) {
642 my $msg = "VM
$vmid vnc proxy failed
- $?";
650 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $user, $realcmd);
661 __PACKAGE__->register_method({
663 path => '{vmid}/status',
666 protected => 1, # qemu pid files are only readable by root
667 description => "Get virtual machine status
.",
669 additionalProperties => 0,
671 node => get_standard_option('pve-node'),
672 vmid => get_standard_option('pve-vmid'),
675 returns => { type => 'object' },
680 my $conf = PVE::QemuServer::load_config($param->{vmid});
682 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid});
684 return $vmstatus->{$param->{vmid}};
687 __PACKAGE__->register_method({
688 name => 'vm_command',
689 path => '{vmid}/status',
693 description => "Set virtual machine status
(execute vm commands
).",
695 additionalProperties => 0,
697 node => get_standard_option('pve-node'),
698 vmid => get_standard_option('pve-vmid'),
699 skiplock => get_standard_option('skiplock'),
700 stateuri => get_standard_option('pve-qm-stateuri'),
702 description => "The command to execute
.",
704 enum => [qw(start stop reset shutdown cad suspend resume) ],
708 returns
=> { type
=> 'null'},
712 my $rpcenv = PVE
::RPCEnvironment
::get
();
714 my $user = $rpcenv->get_user();
716 my $node = extract_param
($param, 'node');
718 my $vmid = extract_param
($param, 'vmid');
720 my $stateuri = extract_param
($param, 'stateuri');
721 raise_param_exc
({ stateuri
=> "Only root may use this option." })
722 if $stateuri && $user ne 'root@pam';
724 my $skiplock = extract_param
($param, 'skiplock');
725 raise_param_exc
({ skiplock
=> "Only root may use this option." })
726 if $skiplock && $user ne 'root@pam';
728 my $command = $param->{command
};
730 my $storecfg = PVE
::Storage
::config
();
732 if ($command eq 'start') {
733 PVE
::QemuServer
::vm_start
($storecfg, $vmid, $stateuri, $skiplock);
734 } elsif ($command eq 'stop') {
735 PVE
::QemuServer
::vm_stop
($vmid, $skiplock);
736 } elsif ($command eq 'reset') {
737 PVE
::QemuServer
::vm_reset
($vmid, $skiplock);
738 } elsif ($command eq 'shutdown') {
739 PVE
::QemuServer
::vm_shutdown
($vmid, $skiplock);
740 } elsif ($command eq 'suspend') {
741 PVE
::QemuServer
::vm_suspend
($vmid, $skiplock);
742 } elsif ($command eq 'resume') {
743 PVE
::QemuServer
::vm_resume
($vmid, $skiplock);
744 } elsif ($command eq 'cad') {
745 PVE
::QemuServer
::vm_cad
($vmid, $skiplock);
747 raise_param_exc
({ command
=> "unknown command '$command'" })
753 __PACKAGE__-
>register_method({
754 name
=> 'migrate_vm',
755 path
=> '{vmid}/migrate',
759 description
=> "Migrate virtual machine. Creates a new migration task.",
761 additionalProperties
=> 0,
763 node
=> get_standard_option
('pve-node'),
764 vmid
=> get_standard_option
('pve-vmid'),
765 target
=> get_standard_option
('pve-node', { description
=> "Target node." }),
768 description
=> "Use online/live migration.",
773 description
=> "Allow to migrate VMs which use local devices. Only root may use this option.",
780 description
=> "the task ID.",
785 my $rpcenv = PVE
::RPCEnvironment
::get
();
787 my $user = $rpcenv->get_user();
789 my $target = extract_param
($param, 'target');
791 my $localnode = PVE
::INotify
::nodename
();
792 raise_param_exc
({ target
=> "target is local node."}) if $target eq $localnode;
794 PVE
::Cluster
::check_cfs_quorum
();
796 PVE
::Cluster
::check_node_exists
($target);
798 my $targetip = PVE
::Cluster
::remote_node_ip
($target);
800 my $vmid = extract_param
($param, 'vmid');
802 raise_param_exc
({ force
=> "Only root may use this option." }) if $user ne 'root@pam';
805 PVE
::QemuServer
::load_config
($vmid);
807 # try to detect errors early
808 if (PVE
::QemuServer
::check_running
($vmid)) {
809 die "cant migrate running VM without --online\n"
810 if !$param->{online
};
816 PVE
::QemuMigrate
::migrate
($target, $targetip, $vmid, $param->{online
}, $param->{force
});
819 my $upid = $rpcenv->fork_worker('qmigrate', $vmid, $user, $realcmd);