]> git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
projects / pve-container.git / blob
? search:


ed19ea772511ea0e40b304cd7ba52fe36aa90f0e
[pve-container.git] / src / PVE / API2 / LXC.pm
1 package PVE::API2::LXC;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param run_command);
8 use PVE::Exception qw(raise raise_param_exc);
9 use PVE::INotify;
10 use PVE::Cluster qw(cfs_read_file);
11 use PVE::AccessControl;
12 use PVE::Firewall;
13 use PVE::Storage;
14 use PVE::RESTHandler;
15 use PVE::RPCEnvironment;
16 use PVE::LXC;
17 use PVE::LXC::Create;
18 use PVE::LXC::Migrate;
19 use PVE::API2::LXC::Config;
20 use PVE::API2::LXC::Status;
21 use PVE::API2::LXC::Snapshot;
22 use PVE::HA::Config;
23 use PVE::JSONSchema qw(get_standard_option);
24 use base qw(PVE::RESTHandler);
25
26 use Data::Dumper; # fixme: remove
27
28 __PACKAGE__->register_method ({
29 subclass => "PVE::API2::LXC::Config",
30 path => '{vmid}/config',
31 });
32
33 __PACKAGE__->register_method ({
34 subclass => "PVE::API2::LXC::Status",
35 path => '{vmid}/status',
36 });
37
38 __PACKAGE__->register_method ({
39 subclass => "PVE::API2::LXC::Snapshot",
40 path => '{vmid}/snapshot',
41 });
42
43 __PACKAGE__->register_method ({
44 subclass => "PVE::API2::Firewall::CT",
45 path => '{vmid}/firewall',
46 });
47
48 __PACKAGE__->register_method({
49 name => 'vmlist',
50 path => '',
51 method => 'GET',
52 description => "LXC container index (per node).",
53 permissions => {
54 description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
55 user => 'all',
56 },
57 proxyto => 'node',
58 protected => 1, # /proc files are only readable by root
59 parameters => {
60 additionalProperties => 0,
61 properties => {
62 node => get_standard_option('pve-node'),
63 },
64 },
65 returns => {
66 type => 'array',
67 items => {
68 type => "object",
69 properties => {},
70 },
71 links => [ { rel => 'child', href => "{vmid}" } ],
72 },
73 code => sub {
74 my ($param) = @_;
75
76 my $rpcenv = PVE::RPCEnvironment::get();
77 my $authuser = $rpcenv->get_user();
78
79 my $vmstatus = PVE::LXC::vmstatus();
80
81 my $res = [];
82 foreach my $vmid (keys %$vmstatus) {
83 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
84
85 my $data = $vmstatus->{$vmid};
86 $data->{vmid} = $vmid;
87 push @$res, $data;
88 }
89
90 return $res;
91
92 }});
93
94 __PACKAGE__->register_method({
95 name => 'create_vm',
96 path => '',
97 method => 'POST',
98 description => "Create or restore a container.",
99 permissions => {
100 user => 'all', # check inside
101 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
102 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
103 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
104 },
105 protected => 1,
106 proxyto => 'node',
107 parameters => {
108 additionalProperties => 0,
109 properties => PVE::LXC::json_config_properties({
110 node => get_standard_option('pve-node'),
111 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
112 ostemplate => {
113 description => "The OS template or backup file.",
114 type => 'string',
115 maxLength => 255,
116 completion => \&PVE::LXC::complete_os_templates,
117 },
118 password => {
119 optional => 1,
120 type => 'string',
121 description => "Sets root password inside container.",
122 minLength => 5,
123 },
124 storage => get_standard_option('pve-storage-id', {
125 description => "Default Storage.",
126 default => 'local',
127 optional => 1,
128 }),
129 force => {
130 optional => 1,
131 type => 'boolean',
132 description => "Allow to overwrite existing container.",
133 },
134 restore => {
135 optional => 1,
136 type => 'boolean',
137 description => "Mark this as restore task.",
138 },
139 pool => {
140 optional => 1,
141 type => 'string', format => 'pve-poolid',
142 description => "Add the VM to the specified pool.",
143 },
144 }),
145 },
146 returns => {
147 type => 'string',
148 },
149 code => sub {
150 my ($param) = @_;
151
152 my $rpcenv = PVE::RPCEnvironment::get();
153
154 my $authuser = $rpcenv->get_user();
155
156 my $node = extract_param($param, 'node');
157
158 my $vmid = extract_param($param, 'vmid');
159
160 my $basecfg_fn = PVE::LXC::config_file($vmid);
161
162 my $same_container_exists = -f $basecfg_fn;
163
164 my $restore = extract_param($param, 'restore');
165
166 if ($restore) {
167 # fixme: limit allowed parameters
168
169 }
170
171 my $force = extract_param($param, 'force');
172
173 if (!($same_container_exists && $restore && $force)) {
174 PVE::Cluster::check_vmid_unused($vmid);
175 }
176
177 my $password = extract_param($param, 'password');
178
179 my $storage = extract_param($param, 'storage') // 'local';
180
181 my $storage_cfg = cfs_read_file("storage.cfg");
182
183 my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node);
184
185 raise_param_exc({ storage => "storage '$storage' does not support container root directories"})
186 if !($scfg->{content}->{images} || $scfg->{content}->{rootdir});
187
188 my $pool = extract_param($param, 'pool');
189
190 if (defined($pool)) {
191 $rpcenv->check_pool_exist($pool);
192 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
193 }
194
195 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']);
196
197 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
198 # OK
199 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
200 # OK
201 } elsif ($restore && $force && $same_container_exists &&
202 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
203 # OK: user has VM.Backup permissions, and want to restore an existing VM
204 } else {
205 raise_perm_exc();
206 }
207
208 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
209
210 PVE::Storage::activate_storage($storage_cfg, $storage);
211
212 my $ostemplate = extract_param($param, 'ostemplate');
213
214 my $archive;
215
216 if ($ostemplate eq '-') {
217 die "pipe requires cli environment\n"
218 if $rpcenv->{type} ne 'cli';
219 die "pipe can only be used with restore tasks\n"
220 if !$restore;
221 $archive = '-';
222 die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs});
223 } else {
224 $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate);
225 $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
226 }
227
228 my $conf = {};
229
230 my $no_disk_param = {};
231 foreach my $opt (keys %$param) {
232 my $value = $param->{$opt};
233 if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) {
234 # allow to use simple numbers (add default storage in that case)
235 $param->{$opt} = "$storage:$value" if $value =~ m/^\d+(\.\d+)?$/;
236 } else {
237 $no_disk_param->{$opt} = $value;
238 }
239 }
240 PVE::LXC::update_pct_config($vmid, $conf, 0, $no_disk_param);
241
242 my $check_vmid_usage = sub {
243 if ($force) {
244 die "can't overwrite running container\n"
245 if PVE::LXC::check_running($vmid);
246 } else {
247 PVE::Cluster::check_vmid_unused($vmid);
248 }
249 };
250
251 my $code = sub {
252 &$check_vmid_usage(); # final check after locking
253
254 PVE::Cluster::check_cfs_quorum();
255 my $vollist = [];
256
257 eval {
258 if (!defined($param->{rootfs})) {
259 if ($restore) {
260 my (undef, $disksize) = PVE::LXC::Create::recover_config($archive);
261 $disksize /= 1024 * 1024; # create_disks expects GB as unit size
262 die "unable to detect disk size - please specify rootfs (size)\n"
263 if !$disksize;
264 $param->{rootfs} = "$storage:$disksize";
265 } else {
266 $param->{rootfs} = "$storage:4"; # defaults to 4GB
267 }
268 }
269
270 $vollist = PVE::LXC::create_disks($storage_cfg, $vmid, $param, $conf);
271
272 PVE::LXC::Create::create_rootfs($storage_cfg, $vmid, $conf, $archive, $password, $restore);
273 # set some defaults
274 $conf->{hostname} ||= "CT$vmid";
275 $conf->{memory} ||= 512;
276 $conf->{swap} //= 512;
277 PVE::LXC::create_config($vmid, $conf);
278 };
279 if (my $err = $@) {
280 PVE::LXC::destroy_disks($storage_cfg, $vollist);
281 PVE::LXC::destroy_config($vmid);
282 die $err;
283 }
284 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
285 };
286
287 my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); };
288
289 &$check_vmid_usage(); # first check before locking
290
291 return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate',
292 $vmid, $authuser, $realcmd);
293
294 }});
295
296 __PACKAGE__->register_method({
297 name => 'vmdiridx',
298 path => '{vmid}',
299 method => 'GET',
300 proxyto => 'node',
301 description => "Directory index",
302 permissions => {
303 user => 'all',
304 },
305 parameters => {
306 additionalProperties => 0,
307 properties => {
308 node => get_standard_option('pve-node'),
309 vmid => get_standard_option('pve-vmid'),
310 },
311 },
312 returns => {
313 type => 'array',
314 items => {
315 type => "object",
316 properties => {
317 subdir => { type => 'string' },
318 },
319 },
320 links => [ { rel => 'child', href => "{subdir}" } ],
321 },
322 code => sub {
323 my ($param) = @_;
324
325 # test if VM exists
326 my $conf = PVE::LXC::load_config($param->{vmid});
327
328 my $res = [
329 { subdir => 'config' },
330 { subdir => 'status' },
331 { subdir => 'vncproxy' },
332 { subdir => 'vncwebsocket' },
333 { subdir => 'spiceproxy' },
334 { subdir => 'migrate' },
335 # { subdir => 'initlog' },
336 { subdir => 'rrd' },
337 { subdir => 'rrddata' },
338 { subdir => 'firewall' },
339 { subdir => 'snapshot' },
340 ];
341
342 return $res;
343 }});
344
345 __PACKAGE__->register_method({
346 name => 'rrd',
347 path => '{vmid}/rrd',
348 method => 'GET',
349 protected => 1, # fixme: can we avoid that?
350 permissions => {
351 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
352 },
353 description => "Read VM RRD statistics (returns PNG)",
354 parameters => {
355 additionalProperties => 0,
356 properties => {
357 node => get_standard_option('pve-node'),
358 vmid => get_standard_option('pve-vmid'),
359 timeframe => {
360 description => "Specify the time frame you are interested in.",
361 type => 'string',
362 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
363 },
364 ds => {
365 description => "The list of datasources you want to display.",
366 type => 'string', format => 'pve-configid-list',
367 },
368 cf => {
369 description => "The RRD consolidation function",
370 type => 'string',
371 enum => [ 'AVERAGE', 'MAX' ],
372 optional => 1,
373 },
374 },
375 },
376 returns => {
377 type => "object",
378 properties => {
379 filename => { type => 'string' },
380 },
381 },
382 code => sub {
383 my ($param) = @_;
384
385 return PVE::Cluster::create_rrd_graph(
386 "pve2-vm/$param->{vmid}", $param->{timeframe},
387 $param->{ds}, $param->{cf});
388
389 }});
390
391 __PACKAGE__->register_method({
392 name => 'rrddata',
393 path => '{vmid}/rrddata',
394 method => 'GET',
395 protected => 1, # fixme: can we avoid that?
396 permissions => {
397 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
398 },
399 description => "Read VM RRD statistics",
400 parameters => {
401 additionalProperties => 0,
402 properties => {
403 node => get_standard_option('pve-node'),
404 vmid => get_standard_option('pve-vmid'),
405 timeframe => {
406 description => "Specify the time frame you are interested in.",
407 type => 'string',
408 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
409 },
410 cf => {
411 description => "The RRD consolidation function",
412 type => 'string',
413 enum => [ 'AVERAGE', 'MAX' ],
414 optional => 1,
415 },
416 },
417 },
418 returns => {
419 type => "array",
420 items => {
421 type => "object",
422 properties => {},
423 },
424 },
425 code => sub {
426 my ($param) = @_;
427
428 return PVE::Cluster::create_rrd_data(
429 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
430 }});
431
432 __PACKAGE__->register_method({
433 name => 'destroy_vm',
434 path => '{vmid}',
435 method => 'DELETE',
436 protected => 1,
437 proxyto => 'node',
438 description => "Destroy the container (also delete all uses files).",
439 permissions => {
440 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
441 },
442 parameters => {
443 additionalProperties => 0,
444 properties => {
445 node => get_standard_option('pve-node'),
446 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
447 },
448 },
449 returns => {
450 type => 'string',
451 },
452 code => sub {
453 my ($param) = @_;
454
455 my $rpcenv = PVE::RPCEnvironment::get();
456
457 my $authuser = $rpcenv->get_user();
458
459 my $vmid = $param->{vmid};
460
461 # test if container exists
462 my $conf = PVE::LXC::load_config($vmid);
463
464 my $storage_cfg = cfs_read_file("storage.cfg");
465
466 die "can't remove CT $vmid - protection mode enabled\n"
467 if ($conf->{protection} == 1);
468
469 die "unable to remove CT $vmid - used in HA resources\n"
470 if PVE::HA::Config::vm_is_ha_managed($vmid);
471
472 my $code = sub {
473 # reload config after lock
474 $conf = PVE::LXC::load_config($vmid);
475 PVE::LXC::check_lock($conf);
476
477 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
478 PVE::AccessControl::remove_vm_access($vmid);
479 PVE::Firewall::remove_vmfw_conf($vmid);
480 };
481
482 my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); };
483
484 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
485 }});
486
487 my $sslcert;
488
489 __PACKAGE__->register_method ({
490 name => 'vncproxy',
491 path => '{vmid}/vncproxy',
492 method => 'POST',
493 protected => 1,
494 permissions => {
495 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
496 },
497 description => "Creates a TCP VNC proxy connections.",
498 parameters => {
499 additionalProperties => 0,
500 properties => {
501 node => get_standard_option('pve-node'),
502 vmid => get_standard_option('pve-vmid'),
503 websocket => {
504 optional => 1,
505 type => 'boolean',
506 description => "use websocket instead of standard VNC.",
507 },
508 },
509 },
510 returns => {
511 additionalProperties => 0,
512 properties => {
513 user => { type => 'string' },
514 ticket => { type => 'string' },
515 cert => { type => 'string' },
516 port => { type => 'integer' },
517 upid => { type => 'string' },
518 },
519 },
520 code => sub {
521 my ($param) = @_;
522
523 my $rpcenv = PVE::RPCEnvironment::get();
524
525 my $authuser = $rpcenv->get_user();
526
527 my $vmid = $param->{vmid};
528 my $node = $param->{node};
529
530 my $authpath = "/vms/$vmid";
531
532 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
533
534 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
535 if !$sslcert;
536
537 my ($remip, $family);
538
539 if ($node ne PVE::INotify::nodename()) {
540 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
541 } else {
542 $family = PVE::Tools::get_host_address_family($node);
543 }
544
545 my $port = PVE::Tools::next_vnc_port($family);
546
547 # NOTE: vncterm VNC traffic is already TLS encrypted,
548 # so we select the fastest chipher here (or 'none'?)
549 my $remcmd = $remip ?
550 ['/usr/bin/ssh', '-t', $remip] : [];
551
552 my $conf = PVE::LXC::load_config($vmid, $node);
553 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
554
555 my $shcmd = [ '/usr/bin/dtach', '-A',
556 "/var/run/dtach/vzctlconsole$vmid",
557 '-r', 'winch', '-z', @$concmd];
558
559 my $realcmd = sub {
560 my $upid = shift;
561
562 syslog ('info', "starting lxc vnc proxy $upid\n");
563
564 my $timeout = 10;
565
566 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
567 '-timeout', $timeout, '-authpath', $authpath,
568 '-perm', 'VM.Console'];
569
570 if ($param->{websocket}) {
571 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
572 push @$cmd, '-notls', '-listen', 'localhost';
573 }
574
575 push @$cmd, '-c', @$remcmd, @$shcmd;
576
577 run_command($cmd);
578
579 return;
580 };
581
582 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
583
584 PVE::Tools::wait_for_vnc_port($port);
585
586 return {
587 user => $authuser,
588 ticket => $ticket,
589 port => $port,
590 upid => $upid,
591 cert => $sslcert,
592 };
593 }});
594
595 __PACKAGE__->register_method({
596 name => 'vncwebsocket',
597 path => '{vmid}/vncwebsocket',
598 method => 'GET',
599 permissions => {
600 description => "You also need to pass a valid ticket (vncticket).",
601 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
602 },
603 description => "Opens a weksocket for VNC traffic.",
604 parameters => {
605 additionalProperties => 0,
606 properties => {
607 node => get_standard_option('pve-node'),
608 vmid => get_standard_option('pve-vmid'),
609 vncticket => {
610 description => "Ticket from previous call to vncproxy.",
611 type => 'string',
612 maxLength => 512,
613 },
614 port => {
615 description => "Port number returned by previous vncproxy call.",
616 type => 'integer',
617 minimum => 5900,
618 maximum => 5999,
619 },
620 },
621 },
622 returns => {
623 type => "object",
624 properties => {
625 port => { type => 'string' },
626 },
627 },
628 code => sub {
629 my ($param) = @_;
630
631 my $rpcenv = PVE::RPCEnvironment::get();
632
633 my $authuser = $rpcenv->get_user();
634
635 my $authpath = "/vms/$param->{vmid}";
636
637 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
638
639 my $port = $param->{port};
640
641 return { port => $port };
642 }});
643
644 __PACKAGE__->register_method ({
645 name => 'spiceproxy',
646 path => '{vmid}/spiceproxy',
647 method => 'POST',
648 protected => 1,
649 proxyto => 'node',
650 permissions => {
651 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
652 },
653 description => "Returns a SPICE configuration to connect to the CT.",
654 parameters => {
655 additionalProperties => 0,
656 properties => {
657 node => get_standard_option('pve-node'),
658 vmid => get_standard_option('pve-vmid'),
659 proxy => get_standard_option('spice-proxy', { optional => 1 }),
660 },
661 },
662 returns => get_standard_option('remote-viewer-config'),
663 code => sub {
664 my ($param) = @_;
665
666 my $vmid = $param->{vmid};
667 my $node = $param->{node};
668 my $proxy = $param->{proxy};
669
670 my $authpath = "/vms/$vmid";
671 my $permissions = 'VM.Console';
672
673 my $conf = PVE::LXC::load_config($vmid);
674
675 die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
676
677 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
678
679 my $shcmd = ['/usr/bin/dtach', '-A',
680 "/var/run/dtach/vzctlconsole$vmid",
681 '-r', 'winch', '-z', @$concmd];
682
683 my $title = "CT $vmid";
684
685 return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
686 }});
687
688
689 __PACKAGE__->register_method({
690 name => 'migrate_vm',
691 path => '{vmid}/migrate',
692 method => 'POST',
693 protected => 1,
694 proxyto => 'node',
695 description => "Migrate the container to another node. Creates a new migration task.",
696 permissions => {
697 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
698 },
699 parameters => {
700 additionalProperties => 0,
701 properties => {
702 node => get_standard_option('pve-node'),
703 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
704 target => get_standard_option('pve-node', {
705 description => "Target node.",
706 completion => \&PVE::Cluster::complete_migration_target,
707 }),
708 online => {
709 type => 'boolean',
710 description => "Use online/live migration.",
711 optional => 1,
712 },
713 },
714 },
715 returns => {
716 type => 'string',
717 description => "the task ID.",
718 },
719 code => sub {
720 my ($param) = @_;
721
722 my $rpcenv = PVE::RPCEnvironment::get();
723
724 my $authuser = $rpcenv->get_user();
725
726 my $target = extract_param($param, 'target');
727
728 my $localnode = PVE::INotify::nodename();
729 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
730
731 PVE::Cluster::check_cfs_quorum();
732
733 PVE::Cluster::check_node_exists($target);
734
735 my $targetip = PVE::Cluster::remote_node_ip($target);
736
737 my $vmid = extract_param($param, 'vmid');
738
739 # test if VM exists
740 PVE::LXC::load_config($vmid);
741
742 # try to detect errors early
743 if (PVE::LXC::check_running($vmid)) {
744 die "can't migrate running container without --online\n"
745 if !$param->{online};
746 }
747
748 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
749
750 my $hacmd = sub {
751 my $upid = shift;
752
753 my $service = "ct:$vmid";
754
755 my $cmd = ['ha-manager', 'migrate', $service, $target];
756
757 print "Executing HA migrate for CT $vmid to node $target\n";
758
759 PVE::Tools::run_command($cmd);
760
761 return;
762 };
763
764 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
765
766 } else {
767
768 my $realcmd = sub {
769 my $upid = shift;
770
771 PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param);
772
773 return;
774 };
775
776 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd);
777 }
778 }});
779
780 __PACKAGE__->register_method({
781 name => 'vm_feature',
782 path => '{vmid}/feature',
783 method => 'GET',
784 proxyto => 'node',
785 protected => 1,
786 description => "Check if feature for virtual machine is available.",
787 permissions => {
788 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
789 },
790 parameters => {
791 additionalProperties => 0,
792 properties => {
793 node => get_standard_option('pve-node'),
794 vmid => get_standard_option('pve-vmid'),
795 feature => {
796 description => "Feature to check.",
797 type => 'string',
798 enum => [ 'snapshot' ],
799 },
800 snapname => get_standard_option('pve-lxc-snapshot-name', {
801 optional => 1,
802 }),
803 },
804 },
805 returns => {
806 type => "object",
807 properties => {
808 hasFeature => { type => 'boolean' },
809 #nodes => {
810 #type => 'array',
811 #items => { type => 'string' },
812 #}
813 },
814 },
815 code => sub {
816 my ($param) = @_;
817
818 my $node = extract_param($param, 'node');
819
820 my $vmid = extract_param($param, 'vmid');
821
822 my $snapname = extract_param($param, 'snapname');
823
824 my $feature = extract_param($param, 'feature');
825
826 my $conf = PVE::LXC::load_config($vmid);
827
828 if($snapname){
829 my $snap = $conf->{snapshots}->{$snapname};
830 die "snapshot '$snapname' does not exist\n" if !defined($snap);
831 $conf = $snap;
832 }
833 my $storage_cfg = PVE::Storage::config();
834 #Maybe include later
835 #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg);
836 my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname);
837
838 return {
839 hasFeature => $hasFeature,
840 #nodes => [ keys %$nodelist ],
841 };
842 }});
843
844 __PACKAGE__->register_method({
845 name => 'template',
846 path => '{vmid}/template',
847 method => 'POST',
848 protected => 1,
849 proxyto => 'node',
850 description => "Create a Template.",
851 permissions => {
852 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
853 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
854 },
855 parameters => {
856 additionalProperties => 0,
857 properties => {
858 node => get_standard_option('pve-node'),
859 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
860 },
861 },
862 returns => { type => 'null'},
863 code => sub {
864 my ($param) = @_;
865
866 my $rpcenv = PVE::RPCEnvironment::get();
867
868 my $authuser = $rpcenv->get_user();
869
870 my $node = extract_param($param, 'node');
871
872 my $vmid = extract_param($param, 'vmid');
873
874 my $updatefn = sub {
875
876 my $conf = PVE::LXC::load_config($vmid);
877 PVE::LXC::check_lock($conf);
878
879 die "unable to create template, because CT contains snapshots\n"
880 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
881
882 die "you can't convert a template to a template\n"
883 if PVE::LXC::is_template($conf);
884
885 die "you can't convert a CT to template if the CT is running\n"
886 if PVE::LXC::check_running($vmid);
887
888 my $realcmd = sub {
889 PVE::LXC::template_create($vmid, $conf);
890 };
891
892 $conf->{template} = 1;
893
894 PVE::LXC::write_config($vmid, $conf);
895 # and remove lxc config
896 PVE::LXC::update_lxc_config(undef, $vmid, $conf);
897
898 return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd);
899 };
900
901 PVE::LXC::lock_container($vmid, undef, $updatefn);
902
903 return undef;
904 }});
905
906 1;
PVE Container Toolkit