]> git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
projects / pve-container.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix hardcoded CT uptime in vmstatus
[pve-container.git] / src / PVE / API2 / LXC.pm
1 package PVE::API2::LXC;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param run_command);
8 use PVE::Exception qw(raise raise_param_exc);
9 use PVE::INotify;
10 use PVE::Cluster qw(cfs_read_file);
11 use PVE::AccessControl;
12 use PVE::Firewall;
13 use PVE::Storage;
14 use PVE::RESTHandler;
15 use PVE::RPCEnvironment;
16 use PVE::LXC;
17 use PVE::LXC::Create;
18 use PVE::LXC::Migrate;
19 use PVE::API2::LXC::Config;
20 use PVE::API2::LXC::Status;
21 use PVE::API2::LXC::Snapshot;
22 use PVE::HA::Config;
23 use PVE::JSONSchema qw(get_standard_option);
24 use base qw(PVE::RESTHandler);
25
26 use Data::Dumper; # fixme: remove
27
28 __PACKAGE__->register_method ({
29 subclass => "PVE::API2::LXC::Config",
30 path => '{vmid}/config',
31 });
32
33 __PACKAGE__->register_method ({
34 subclass => "PVE::API2::LXC::Status",
35 path => '{vmid}/status',
36 });
37
38 __PACKAGE__->register_method ({
39 subclass => "PVE::API2::LXC::Snapshot",
40 path => '{vmid}/snapshot',
41 });
42
43 __PACKAGE__->register_method ({
44 subclass => "PVE::API2::Firewall::CT",
45 path => '{vmid}/firewall',
46 });
47
48 __PACKAGE__->register_method({
49 name => 'vmlist',
50 path => '',
51 method => 'GET',
52 description => "LXC container index (per node).",
53 permissions => {
54 description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
55 user => 'all',
56 },
57 proxyto => 'node',
58 protected => 1, # /proc files are only readable by root
59 parameters => {
60 additionalProperties => 0,
61 properties => {
62 node => get_standard_option('pve-node'),
63 },
64 },
65 returns => {
66 type => 'array',
67 items => {
68 type => "object",
69 properties => {},
70 },
71 links => [ { rel => 'child', href => "{vmid}" } ],
72 },
73 code => sub {
74 my ($param) = @_;
75
76 my $rpcenv = PVE::RPCEnvironment::get();
77 my $authuser = $rpcenv->get_user();
78
79 my $vmstatus = PVE::LXC::vmstatus();
80
81 my $res = [];
82 foreach my $vmid (keys %$vmstatus) {
83 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
84
85 my $data = $vmstatus->{$vmid};
86 $data->{vmid} = $vmid;
87 push @$res, $data;
88 }
89
90 return $res;
91
92 }});
93
94 __PACKAGE__->register_method({
95 name => 'create_vm',
96 path => '',
97 method => 'POST',
98 description => "Create or restore a container.",
99 permissions => {
100 user => 'all', # check inside
101 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
102 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
103 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
104 },
105 protected => 1,
106 proxyto => 'node',
107 parameters => {
108 additionalProperties => 0,
109 properties => PVE::LXC::json_config_properties({
110 node => get_standard_option('pve-node'),
111 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
112 ostemplate => {
113 description => "The OS template or backup file.",
114 type => 'string',
115 maxLength => 255,
116 completion => \&PVE::LXC::complete_os_templates,
117 },
118 password => {
119 optional => 1,
120 type => 'string',
121 description => "Sets root password inside container.",
122 minLength => 5,
123 },
124 storage => get_standard_option('pve-storage-id', {
125 description => "Default Storage.",
126 default => 'local',
127 optional => 1,
128 }),
129 force => {
130 optional => 1,
131 type => 'boolean',
132 description => "Allow to overwrite existing container.",
133 },
134 restore => {
135 optional => 1,
136 type => 'boolean',
137 description => "Mark this as restore task.",
138 },
139 pool => {
140 optional => 1,
141 type => 'string', format => 'pve-poolid',
142 description => "Add the VM to the specified pool.",
143 },
144 }),
145 },
146 returns => {
147 type => 'string',
148 },
149 code => sub {
150 my ($param) = @_;
151
152 my $rpcenv = PVE::RPCEnvironment::get();
153
154 my $authuser = $rpcenv->get_user();
155
156 my $node = extract_param($param, 'node');
157
158 my $vmid = extract_param($param, 'vmid');
159
160 my $basecfg_fn = PVE::LXC::config_file($vmid);
161
162 my $same_container_exists = -f $basecfg_fn;
163
164 my $restore = extract_param($param, 'restore');
165
166 if ($restore) {
167 # fixme: limit allowed parameters
168
169 }
170
171 my $force = extract_param($param, 'force');
172
173 if (!($same_container_exists && $restore && $force)) {
174 PVE::Cluster::check_vmid_unused($vmid);
175 } else {
176 my $conf = PVE::LXC::load_config($vmid);
177 PVE::LXC::check_protection($conf, "unable to restore CT $vmid");
178 }
179
180 my $password = extract_param($param, 'password');
181
182 my $storage = extract_param($param, 'storage') // 'local';
183
184 my $storage_cfg = cfs_read_file("storage.cfg");
185
186 my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node);
187
188 raise_param_exc({ storage => "storage '$storage' does not support container root directories"})
189 if !($scfg->{content}->{images} || $scfg->{content}->{rootdir});
190
191 my $pool = extract_param($param, 'pool');
192
193 if (defined($pool)) {
194 $rpcenv->check_pool_exist($pool);
195 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
196 }
197
198 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']);
199
200 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
201 # OK
202 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
203 # OK
204 } elsif ($restore && $force && $same_container_exists &&
205 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
206 # OK: user has VM.Backup permissions, and want to restore an existing VM
207 } else {
208 raise_perm_exc();
209 }
210
211 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
212
213 PVE::Storage::activate_storage($storage_cfg, $storage);
214
215 my $ostemplate = extract_param($param, 'ostemplate');
216
217 my $archive;
218
219 if ($ostemplate eq '-') {
220 die "pipe requires cli environment\n"
221 if $rpcenv->{type} ne 'cli';
222 die "pipe can only be used with restore tasks\n"
223 if !$restore;
224 $archive = '-';
225 die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs});
226 } else {
227 $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate);
228 $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
229 }
230
231 my $conf = {};
232
233 my $no_disk_param = {};
234 foreach my $opt (keys %$param) {
235 my $value = $param->{$opt};
236 if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) {
237 # allow to use simple numbers (add default storage in that case)
238 $param->{$opt} = "$storage:$value" if $value =~ m/^\d+(\.\d+)?$/;
239 } else {
240 $no_disk_param->{$opt} = $value;
241 }
242 }
243 PVE::LXC::update_pct_config($vmid, $conf, 0, $no_disk_param);
244
245 my $check_vmid_usage = sub {
246 if ($force) {
247 die "can't overwrite running container\n"
248 if PVE::LXC::check_running($vmid);
249 } else {
250 PVE::Cluster::check_vmid_unused($vmid);
251 }
252 };
253
254 my $code = sub {
255 &$check_vmid_usage(); # final check after locking
256
257 PVE::Cluster::check_cfs_quorum();
258 my $vollist = [];
259
260 eval {
261 if (!defined($param->{rootfs})) {
262 if ($restore) {
263 my (undef, $disksize) = PVE::LXC::Create::recover_config($archive);
264 $disksize /= 1024 * 1024 * 1024; # create_disks expects GB as unit size
265 die "unable to detect disk size - please specify rootfs (size)\n"
266 if !$disksize;
267 $param->{rootfs} = "$storage:$disksize";
268 } else {
269 $param->{rootfs} = "$storage:4"; # defaults to 4GB
270 }
271 }
272
273 $vollist = PVE::LXC::create_disks($storage_cfg, $vmid, $param, $conf);
274
275 PVE::LXC::Create::create_rootfs($storage_cfg, $vmid, $conf, $archive, $password, $restore);
276 # set some defaults
277 $conf->{hostname} ||= "CT$vmid";
278 $conf->{memory} ||= 512;
279 $conf->{swap} //= 512;
280 PVE::LXC::create_config($vmid, $conf);
281 };
282 if (my $err = $@) {
283 PVE::LXC::destroy_disks($storage_cfg, $vollist);
284 PVE::LXC::destroy_config($vmid);
285 die $err;
286 }
287 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
288 };
289
290 my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); };
291
292 &$check_vmid_usage(); # first check before locking
293
294 return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate',
295 $vmid, $authuser, $realcmd);
296
297 }});
298
299 __PACKAGE__->register_method({
300 name => 'vmdiridx',
301 path => '{vmid}',
302 method => 'GET',
303 proxyto => 'node',
304 description => "Directory index",
305 permissions => {
306 user => 'all',
307 },
308 parameters => {
309 additionalProperties => 0,
310 properties => {
311 node => get_standard_option('pve-node'),
312 vmid => get_standard_option('pve-vmid'),
313 },
314 },
315 returns => {
316 type => 'array',
317 items => {
318 type => "object",
319 properties => {
320 subdir => { type => 'string' },
321 },
322 },
323 links => [ { rel => 'child', href => "{subdir}" } ],
324 },
325 code => sub {
326 my ($param) = @_;
327
328 # test if VM exists
329 my $conf = PVE::LXC::load_config($param->{vmid});
330
331 my $res = [
332 { subdir => 'config' },
333 { subdir => 'status' },
334 { subdir => 'vncproxy' },
335 { subdir => 'vncwebsocket' },
336 { subdir => 'spiceproxy' },
337 { subdir => 'migrate' },
338 # { subdir => 'initlog' },
339 { subdir => 'rrd' },
340 { subdir => 'rrddata' },
341 { subdir => 'firewall' },
342 { subdir => 'snapshot' },
343 ];
344
345 return $res;
346 }});
347
348 __PACKAGE__->register_method({
349 name => 'rrd',
350 path => '{vmid}/rrd',
351 method => 'GET',
352 protected => 1, # fixme: can we avoid that?
353 permissions => {
354 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
355 },
356 description => "Read VM RRD statistics (returns PNG)",
357 parameters => {
358 additionalProperties => 0,
359 properties => {
360 node => get_standard_option('pve-node'),
361 vmid => get_standard_option('pve-vmid'),
362 timeframe => {
363 description => "Specify the time frame you are interested in.",
364 type => 'string',
365 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
366 },
367 ds => {
368 description => "The list of datasources you want to display.",
369 type => 'string', format => 'pve-configid-list',
370 },
371 cf => {
372 description => "The RRD consolidation function",
373 type => 'string',
374 enum => [ 'AVERAGE', 'MAX' ],
375 optional => 1,
376 },
377 },
378 },
379 returns => {
380 type => "object",
381 properties => {
382 filename => { type => 'string' },
383 },
384 },
385 code => sub {
386 my ($param) = @_;
387
388 return PVE::Cluster::create_rrd_graph(
389 "pve2-vm/$param->{vmid}", $param->{timeframe},
390 $param->{ds}, $param->{cf});
391
392 }});
393
394 __PACKAGE__->register_method({
395 name => 'rrddata',
396 path => '{vmid}/rrddata',
397 method => 'GET',
398 protected => 1, # fixme: can we avoid that?
399 permissions => {
400 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
401 },
402 description => "Read VM RRD statistics",
403 parameters => {
404 additionalProperties => 0,
405 properties => {
406 node => get_standard_option('pve-node'),
407 vmid => get_standard_option('pve-vmid'),
408 timeframe => {
409 description => "Specify the time frame you are interested in.",
410 type => 'string',
411 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
412 },
413 cf => {
414 description => "The RRD consolidation function",
415 type => 'string',
416 enum => [ 'AVERAGE', 'MAX' ],
417 optional => 1,
418 },
419 },
420 },
421 returns => {
422 type => "array",
423 items => {
424 type => "object",
425 properties => {},
426 },
427 },
428 code => sub {
429 my ($param) = @_;
430
431 return PVE::Cluster::create_rrd_data(
432 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
433 }});
434
435 __PACKAGE__->register_method({
436 name => 'destroy_vm',
437 path => '{vmid}',
438 method => 'DELETE',
439 protected => 1,
440 proxyto => 'node',
441 description => "Destroy the container (also delete all uses files).",
442 permissions => {
443 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
444 },
445 parameters => {
446 additionalProperties => 0,
447 properties => {
448 node => get_standard_option('pve-node'),
449 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
450 },
451 },
452 returns => {
453 type => 'string',
454 },
455 code => sub {
456 my ($param) = @_;
457
458 my $rpcenv = PVE::RPCEnvironment::get();
459
460 my $authuser = $rpcenv->get_user();
461
462 my $vmid = $param->{vmid};
463
464 # test if container exists
465 my $conf = PVE::LXC::load_config($vmid);
466
467 my $storage_cfg = cfs_read_file("storage.cfg");
468
469 PVE::LXC::check_protection($conf, "can't remove CT $vmid");
470
471 die "unable to remove CT $vmid - used in HA resources\n"
472 if PVE::HA::Config::vm_is_ha_managed($vmid);
473
474 my $code = sub {
475 # reload config after lock
476 $conf = PVE::LXC::load_config($vmid);
477 PVE::LXC::check_lock($conf);
478
479 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
480 PVE::AccessControl::remove_vm_access($vmid);
481 PVE::Firewall::remove_vmfw_conf($vmid);
482 };
483
484 my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); };
485
486 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
487 }});
488
489 my $sslcert;
490
491 __PACKAGE__->register_method ({
492 name => 'vncproxy',
493 path => '{vmid}/vncproxy',
494 method => 'POST',
495 protected => 1,
496 permissions => {
497 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
498 },
499 description => "Creates a TCP VNC proxy connections.",
500 parameters => {
501 additionalProperties => 0,
502 properties => {
503 node => get_standard_option('pve-node'),
504 vmid => get_standard_option('pve-vmid'),
505 websocket => {
506 optional => 1,
507 type => 'boolean',
508 description => "use websocket instead of standard VNC.",
509 },
510 },
511 },
512 returns => {
513 additionalProperties => 0,
514 properties => {
515 user => { type => 'string' },
516 ticket => { type => 'string' },
517 cert => { type => 'string' },
518 port => { type => 'integer' },
519 upid => { type => 'string' },
520 },
521 },
522 code => sub {
523 my ($param) = @_;
524
525 my $rpcenv = PVE::RPCEnvironment::get();
526
527 my $authuser = $rpcenv->get_user();
528
529 my $vmid = $param->{vmid};
530 my $node = $param->{node};
531
532 my $authpath = "/vms/$vmid";
533
534 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
535
536 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
537 if !$sslcert;
538
539 my ($remip, $family);
540
541 if ($node ne PVE::INotify::nodename()) {
542 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
543 } else {
544 $family = PVE::Tools::get_host_address_family($node);
545 }
546
547 my $port = PVE::Tools::next_vnc_port($family);
548
549 # NOTE: vncterm VNC traffic is already TLS encrypted,
550 # so we select the fastest chipher here (or 'none'?)
551 my $remcmd = $remip ?
552 ['/usr/bin/ssh', '-t', $remip] : [];
553
554 my $conf = PVE::LXC::load_config($vmid, $node);
555 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
556
557 my $shcmd = [ '/usr/bin/dtach', '-A',
558 "/var/run/dtach/vzctlconsole$vmid",
559 '-r', 'winch', '-z', @$concmd];
560
561 my $realcmd = sub {
562 my $upid = shift;
563
564 syslog ('info', "starting lxc vnc proxy $upid\n");
565
566 my $timeout = 10;
567
568 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
569 '-timeout', $timeout, '-authpath', $authpath,
570 '-perm', 'VM.Console'];
571
572 if ($param->{websocket}) {
573 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
574 push @$cmd, '-notls', '-listen', 'localhost';
575 }
576
577 push @$cmd, '-c', @$remcmd, @$shcmd;
578
579 run_command($cmd);
580
581 return;
582 };
583
584 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
585
586 PVE::Tools::wait_for_vnc_port($port);
587
588 return {
589 user => $authuser,
590 ticket => $ticket,
591 port => $port,
592 upid => $upid,
593 cert => $sslcert,
594 };
595 }});
596
597 __PACKAGE__->register_method({
598 name => 'vncwebsocket',
599 path => '{vmid}/vncwebsocket',
600 method => 'GET',
601 permissions => {
602 description => "You also need to pass a valid ticket (vncticket).",
603 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
604 },
605 description => "Opens a weksocket for VNC traffic.",
606 parameters => {
607 additionalProperties => 0,
608 properties => {
609 node => get_standard_option('pve-node'),
610 vmid => get_standard_option('pve-vmid'),
611 vncticket => {
612 description => "Ticket from previous call to vncproxy.",
613 type => 'string',
614 maxLength => 512,
615 },
616 port => {
617 description => "Port number returned by previous vncproxy call.",
618 type => 'integer',
619 minimum => 5900,
620 maximum => 5999,
621 },
622 },
623 },
624 returns => {
625 type => "object",
626 properties => {
627 port => { type => 'string' },
628 },
629 },
630 code => sub {
631 my ($param) = @_;
632
633 my $rpcenv = PVE::RPCEnvironment::get();
634
635 my $authuser = $rpcenv->get_user();
636
637 my $authpath = "/vms/$param->{vmid}";
638
639 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
640
641 my $port = $param->{port};
642
643 return { port => $port };
644 }});
645
646 __PACKAGE__->register_method ({
647 name => 'spiceproxy',
648 path => '{vmid}/spiceproxy',
649 method => 'POST',
650 protected => 1,
651 proxyto => 'node',
652 permissions => {
653 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
654 },
655 description => "Returns a SPICE configuration to connect to the CT.",
656 parameters => {
657 additionalProperties => 0,
658 properties => {
659 node => get_standard_option('pve-node'),
660 vmid => get_standard_option('pve-vmid'),
661 proxy => get_standard_option('spice-proxy', { optional => 1 }),
662 },
663 },
664 returns => get_standard_option('remote-viewer-config'),
665 code => sub {
666 my ($param) = @_;
667
668 my $vmid = $param->{vmid};
669 my $node = $param->{node};
670 my $proxy = $param->{proxy};
671
672 my $authpath = "/vms/$vmid";
673 my $permissions = 'VM.Console';
674
675 my $conf = PVE::LXC::load_config($vmid);
676
677 die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
678
679 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
680
681 my $shcmd = ['/usr/bin/dtach', '-A',
682 "/var/run/dtach/vzctlconsole$vmid",
683 '-r', 'winch', '-z', @$concmd];
684
685 my $title = "CT $vmid";
686
687 return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
688 }});
689
690
691 __PACKAGE__->register_method({
692 name => 'migrate_vm',
693 path => '{vmid}/migrate',
694 method => 'POST',
695 protected => 1,
696 proxyto => 'node',
697 description => "Migrate the container to another node. Creates a new migration task.",
698 permissions => {
699 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
700 },
701 parameters => {
702 additionalProperties => 0,
703 properties => {
704 node => get_standard_option('pve-node'),
705 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
706 target => get_standard_option('pve-node', {
707 description => "Target node.",
708 completion => \&PVE::Cluster::complete_migration_target,
709 }),
710 online => {
711 type => 'boolean',
712 description => "Use online/live migration.",
713 optional => 1,
714 },
715 },
716 },
717 returns => {
718 type => 'string',
719 description => "the task ID.",
720 },
721 code => sub {
722 my ($param) = @_;
723
724 my $rpcenv = PVE::RPCEnvironment::get();
725
726 my $authuser = $rpcenv->get_user();
727
728 my $target = extract_param($param, 'target');
729
730 my $localnode = PVE::INotify::nodename();
731 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
732
733 PVE::Cluster::check_cfs_quorum();
734
735 PVE::Cluster::check_node_exists($target);
736
737 my $targetip = PVE::Cluster::remote_node_ip($target);
738
739 my $vmid = extract_param($param, 'vmid');
740
741 # test if VM exists
742 PVE::LXC::load_config($vmid);
743
744 # try to detect errors early
745 if (PVE::LXC::check_running($vmid)) {
746 die "can't migrate running container without --online\n"
747 if !$param->{online};
748 }
749
750 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
751
752 my $hacmd = sub {
753 my $upid = shift;
754
755 my $service = "ct:$vmid";
756
757 my $cmd = ['ha-manager', 'migrate', $service, $target];
758
759 print "Executing HA migrate for CT $vmid to node $target\n";
760
761 PVE::Tools::run_command($cmd);
762
763 return;
764 };
765
766 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
767
768 } else {
769
770 my $realcmd = sub {
771 my $upid = shift;
772
773 PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param);
774
775 return;
776 };
777
778 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd);
779 }
780 }});
781
782 __PACKAGE__->register_method({
783 name => 'vm_feature',
784 path => '{vmid}/feature',
785 method => 'GET',
786 proxyto => 'node',
787 protected => 1,
788 description => "Check if feature for virtual machine is available.",
789 permissions => {
790 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
791 },
792 parameters => {
793 additionalProperties => 0,
794 properties => {
795 node => get_standard_option('pve-node'),
796 vmid => get_standard_option('pve-vmid'),
797 feature => {
798 description => "Feature to check.",
799 type => 'string',
800 enum => [ 'snapshot' ],
801 },
802 snapname => get_standard_option('pve-lxc-snapshot-name', {
803 optional => 1,
804 }),
805 },
806 },
807 returns => {
808 type => "object",
809 properties => {
810 hasFeature => { type => 'boolean' },
811 #nodes => {
812 #type => 'array',
813 #items => { type => 'string' },
814 #}
815 },
816 },
817 code => sub {
818 my ($param) = @_;
819
820 my $node = extract_param($param, 'node');
821
822 my $vmid = extract_param($param, 'vmid');
823
824 my $snapname = extract_param($param, 'snapname');
825
826 my $feature = extract_param($param, 'feature');
827
828 my $conf = PVE::LXC::load_config($vmid);
829
830 if($snapname){
831 my $snap = $conf->{snapshots}->{$snapname};
832 die "snapshot '$snapname' does not exist\n" if !defined($snap);
833 $conf = $snap;
834 }
835 my $storage_cfg = PVE::Storage::config();
836 #Maybe include later
837 #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg);
838 my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname);
839
840 return {
841 hasFeature => $hasFeature,
842 #nodes => [ keys %$nodelist ],
843 };
844 }});
845
846 __PACKAGE__->register_method({
847 name => 'template',
848 path => '{vmid}/template',
849 method => 'POST',
850 protected => 1,
851 proxyto => 'node',
852 description => "Create a Template.",
853 permissions => {
854 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
855 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
856 },
857 parameters => {
858 additionalProperties => 0,
859 properties => {
860 node => get_standard_option('pve-node'),
861 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
862 },
863 },
864 returns => { type => 'null'},
865 code => sub {
866 my ($param) = @_;
867
868 my $rpcenv = PVE::RPCEnvironment::get();
869
870 my $authuser = $rpcenv->get_user();
871
872 my $node = extract_param($param, 'node');
873
874 my $vmid = extract_param($param, 'vmid');
875
876 my $updatefn = sub {
877
878 my $conf = PVE::LXC::load_config($vmid);
879 PVE::LXC::check_lock($conf);
880
881 die "unable to create template, because CT contains snapshots\n"
882 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
883
884 die "you can't convert a template to a template\n"
885 if PVE::LXC::is_template($conf);
886
887 die "you can't convert a CT to template if the CT is running\n"
888 if PVE::LXC::check_running($vmid);
889
890 my $realcmd = sub {
891 PVE::LXC::template_create($vmid, $conf);
892 };
893
894 $conf->{template} = 1;
895
896 PVE::LXC::write_config($vmid, $conf);
897 # and remove lxc config
898 PVE::LXC::update_lxc_config(undef, $vmid, $conf);
899
900 return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd);
901 };
902
903 PVE::LXC::lock_container($vmid, undef, $updatefn);
904
905 return undef;
906 }});
907
908 1;
PVE Container Toolkit