]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
1 package PVE
::API2
::LXC
;
7 use PVE
::Tools
qw(extract_param run_command);
8 use PVE
::Exception
qw(raise raise_param_exc);
10 use PVE
::Cluster
qw(cfs_read_file);
11 use PVE
::AccessControl
;
14 use PVE
::RPCEnvironment
;
18 use PVE
::JSONSchema
qw(get_standard_option);
19 use base
qw(PVE::RESTHandler);
21 use Data
::Dumper
; # fixme: remove
23 my $get_container_storage = sub {
24 my ($stcfg, $vmid, $lxc_conf) = @_;
26 if (my $volid = $lxc_conf->{'pve.volid'}) {
27 my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid);
28 return wantarray ?
($sid, $volname) : $sid;
30 my $path = $lxc_conf->{'lxc.rootfs'};
31 my ($vtype, $volid) = PVE
::Storage
::path_to_volume_id
($stcfg, $path);
32 my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1) if $volid;
33 return wantarray ?
($sid, $volname, $path) : $sid;
37 my $check_ct_modify_config_perm = sub {
38 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
40 return 1 if $authuser ne 'root@pam';
42 foreach my $opt (@$key_list) {
44 if ($opt eq 'cpus' || $opt eq 'cpuunits' || $opt eq 'cpulimit') {
45 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
46 } elsif ($opt eq 'disk') {
47 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
48 } elsif ($opt eq 'memory' || $opt eq 'swap') {
49 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
50 } elsif ($opt =~ m/^net\d+$/ || $opt eq 'nameserver' ||
51 $opt eq 'searchdomain' || $opt eq 'hostname') {
52 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
54 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
61 PVE
::JSONSchema
::register_standard_option
('pve-lxc-snapshot-name', {
62 description
=> "The name of the snapshot.",
63 type
=> 'string', format
=> 'pve-configid',
67 __PACKAGE__-
>register_method({
71 description
=> "LXC container index (per node).",
73 description
=> "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
77 protected
=> 1, # /proc files are only readable by root
79 additionalProperties
=> 0,
81 node
=> get_standard_option
('pve-node'),
90 links
=> [ { rel
=> 'child', href
=> "{vmid}" } ],
95 my $rpcenv = PVE
::RPCEnvironment
::get
();
96 my $authuser = $rpcenv->get_user();
98 my $vmstatus = PVE
::LXC
::vmstatus
();
101 foreach my $vmid (keys %$vmstatus) {
102 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
104 my $data = $vmstatus->{$vmid};
105 $data->{vmid
} = $vmid;
113 __PACKAGE__-
>register_method({
117 description
=> "Create or restore a container.",
119 user
=> 'all', # check inside
120 description
=> "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
121 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
122 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
127 additionalProperties
=> 0,
128 properties
=> PVE
::LXC
::json_config_properties
({
129 node
=> get_standard_option
('pve-node'),
130 vmid
=> get_standard_option
('pve-vmid'),
132 description
=> "The OS template or backup file.",
139 description
=> "Sets root password inside container.",
142 storage
=> get_standard_option
('pve-storage-id', {
143 description
=> "Target storage.",
150 description
=> "Allow to overwrite existing container.",
155 description
=> "Mark this as restore task.",
159 type
=> 'string', format
=> 'pve-poolid',
160 description
=> "Add the VM to the specified pool.",
170 my $rpcenv = PVE
::RPCEnvironment
::get
();
172 my $authuser = $rpcenv->get_user();
174 my $node = extract_param
($param, 'node');
176 my $vmid = extract_param
($param, 'vmid');
178 my $basecfg_fn = PVE
::LXC
::config_file
($vmid);
180 my $same_container_exists = -f
$basecfg_fn;
182 my $restore = extract_param
($param, 'restore');
185 # fixme: limit allowed parameters
189 my $force = extract_param
($param, 'force');
191 if (!($same_container_exists && $restore && $force)) {
192 PVE
::Cluster
::check_vmid_unused
($vmid);
195 my $password = extract_param
($param, 'password');
197 my $storage = extract_param
($param, 'storage') || 'local';
199 my $pool = extract_param
($param, 'pool');
201 my $storage_cfg = cfs_read_file
("storage.cfg");
203 my $scfg = PVE
::Storage
::storage_check_node
($storage_cfg, $storage, $node);
205 raise_param_exc
({ storage
=> "storage '$storage' does not support container root directories"})
206 if !$scfg->{content
}->{rootdir
};
208 if (defined($pool)) {
209 $rpcenv->check_pool_exist($pool);
210 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
213 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
215 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
217 } elsif ($restore && $force && $same_container_exists &&
218 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
219 # OK: user has VM.Backup permissions, and want to restore an existing VM
224 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
226 PVE
::Storage
::activate_storage
($storage_cfg, $storage);
228 my $ostemplate = extract_param
($param, 'ostemplate');
232 if ($ostemplate eq '-') {
233 die "pipe requires cli environment\n"
234 if $rpcenv->{type
} ne 'cli';
235 die "pipe can only be used with restore tasks\n"
239 $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate);
240 $archive = PVE
::Storage
::abs_filesystem_path
($storage_cfg, $ostemplate);
247 ($conf, $ovs) = PVE
::LXCCreate
::recover_config
($archive);
248 PVE
::LXC
::lxc_config_change_vmid
($conf, $vmid);
251 $param->{hostname
} ||= "CT$vmid" if !defined($conf->{'lxc.utsname'});
252 $param->{memory
} ||= 512 if !defined($conf->{'lxc.cgroup.memory.limit_in_bytes'});
253 $param->{swap
} //= 512 if !defined($conf->{'lxc.cgroup.memory.memsw.limit_in_bytes'});
255 PVE
::LXC
::update_lxc_config
($vmid, $conf, 0, $param);
257 # assigng default names, so that we can configure network with LXCSetup
258 foreach my $k (keys %$conf) {
259 next if $k !~ m/^net(\d+)$/;
261 $conf->{$k}->{name
} ||= "eth$ind";
264 # use user namespace ?
265 # disable for now, because kernel 3.10.0 does not support it
266 #$conf->{'lxc.id_map'} = ["u 0 100000 65536", "g 0 100000 65536"];
268 my $check_vmid_usage = sub {
270 die "cant overwrite running container\n"
271 if PVE
::LXC
::check_running
($vmid);
273 PVE
::Cluster
::check_vmid_unused
($vmid);
278 &$check_vmid_usage(); # final check after locking
280 PVE
::Cluster
::check_cfs_quorum
();
282 $param->{disk
} = $conf->{'pve.disksize'} if !$param->{disk
} && $restore;
284 print "###########################################################\n";
285 print "Converting OpenVZ configuration to LXC.\n";
286 print "Please check the configuration and reconfigure the network.\n";
287 print "###########################################################\n";
289 PVE
::LXCCreate
::create_rootfs
($storage_cfg, $storage, $param->{disk
}, $vmid, $conf,
290 $archive, $password, $restore);
293 my $realcmd = sub { PVE
::LXC
::lock_container
($vmid, 1, $code); };
295 &$check_vmid_usage(); # first check before locking
297 return $rpcenv->fork_worker($restore ?
'vzrestore' : 'vzcreate',
298 $vmid, $authuser, $realcmd);
302 my $vm_config_perm_list = [
310 __PACKAGE__-
>register_method({
312 path
=> '{vmid}/config',
316 description
=> "Set container options.",
318 check
=> ['perm', '/vms/{vmid}', $vm_config_perm_list, any
=> 1],
321 additionalProperties
=> 0,
322 properties
=> PVE
::LXC
::json_config_properties
(
324 node
=> get_standard_option
('pve-node'),
325 vmid
=> get_standard_option
('pve-vmid'),
327 type
=> 'string', format
=> 'pve-configid-list',
328 description
=> "A list of settings you want to delete.",
333 description
=> 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
339 returns
=> { type
=> 'null'},
343 my $rpcenv = PVE
::RPCEnvironment
::get
();
345 my $authuser = $rpcenv->get_user();
347 my $node = extract_param
($param, 'node');
349 my $vmid = extract_param
($param, 'vmid');
351 my $digest = extract_param
($param, 'digest');
353 die "no options specified\n" if !scalar(keys %$param);
355 my $delete_str = extract_param
($param, 'delete');
356 my @delete = PVE
::Tools
::split_list
($delete_str);
358 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
360 foreach my $opt (@delete) {
361 raise_param_exc
({ delete => "you can't use '-$opt' and " .
362 "-delete $opt' at the same time" })
363 if defined($param->{$opt});
365 if (!PVE
::LXC
::option_exists
($opt)) {
366 raise_param_exc
({ delete => "unknown option '$opt'" });
370 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
374 my $conf = PVE
::LXC
::load_config
($vmid);
375 PVE
::LXC
::check_lock
($conf);
377 PVE
::Tools
::assert_if_modified
($digest, $conf->{digest
});
379 my $running = PVE
::LXC
::check_running
($vmid);
381 PVE
::LXC
::update_lxc_config
($vmid, $conf, $running, $param, \
@delete);
383 PVE
::LXC
::write_config
($vmid, $conf);
386 PVE
::LXC
::lock_container
($vmid, undef, $code);
391 __PACKAGE__-
>register_method ({
392 subclass
=> "PVE::API2::Firewall::CT",
393 path
=> '{vmid}/firewall',
396 __PACKAGE__-
>register_method({
401 description
=> "Directory index",
406 additionalProperties
=> 0,
408 node
=> get_standard_option
('pve-node'),
409 vmid
=> get_standard_option
('pve-vmid'),
417 subdir
=> { type
=> 'string' },
420 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
426 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
429 { subdir
=> 'config' },
430 { subdir
=> 'status' },
431 { subdir
=> 'vncproxy' },
432 { subdir
=> 'vncwebsocket' },
433 { subdir
=> 'spiceproxy' },
434 { subdir
=> 'migrate' },
435 # { subdir => 'initlog' },
437 { subdir
=> 'rrddata' },
438 { subdir
=> 'firewall' },
439 { subdir
=> 'snapshot' },
445 __PACKAGE__-
>register_method({
447 path
=> '{vmid}/rrd',
449 protected
=> 1, # fixme: can we avoid that?
451 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
453 description
=> "Read VM RRD statistics (returns PNG)",
455 additionalProperties
=> 0,
457 node
=> get_standard_option
('pve-node'),
458 vmid
=> get_standard_option
('pve-vmid'),
460 description
=> "Specify the time frame you are interested in.",
462 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
465 description
=> "The list of datasources you want to display.",
466 type
=> 'string', format
=> 'pve-configid-list',
469 description
=> "The RRD consolidation function",
471 enum
=> [ 'AVERAGE', 'MAX' ],
479 filename
=> { type
=> 'string' },
485 return PVE
::Cluster
::create_rrd_graph
(
486 "pve2-vm/$param->{vmid}", $param->{timeframe
},
487 $param->{ds
}, $param->{cf
});
491 __PACKAGE__-
>register_method({
493 path
=> '{vmid}/rrddata',
495 protected
=> 1, # fixme: can we avoid that?
497 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
499 description
=> "Read VM RRD statistics",
501 additionalProperties
=> 0,
503 node
=> get_standard_option
('pve-node'),
504 vmid
=> get_standard_option
('pve-vmid'),
506 description
=> "Specify the time frame you are interested in.",
508 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
511 description
=> "The RRD consolidation function",
513 enum
=> [ 'AVERAGE', 'MAX' ],
528 return PVE
::Cluster
::create_rrd_data
(
529 "pve2-vm/$param->{vmid}", $param->{timeframe
}, $param->{cf
});
533 __PACKAGE__-
>register_method({
535 path
=> '{vmid}/config',
538 description
=> "Get container configuration.",
540 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
543 additionalProperties
=> 0,
545 node
=> get_standard_option
('pve-node'),
546 vmid
=> get_standard_option
('pve-vmid'),
554 description
=> 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
561 my $lxc_conf = PVE
::LXC
::load_config
($param->{vmid
});
563 # NOTE: we only return selected/converted values
565 my $conf = PVE
::LXC
::lxc_conf_to_pve
($param->{vmid
}, $lxc_conf);
567 my $stcfg = PVE
::Cluster
::cfs_read_file
("storage.cfg");
569 my ($sid, undef, $path) = &$get_container_storage($stcfg, $param->{vmid
}, $lxc_conf);
570 $conf->{storage
} = $sid || $path;
575 __PACKAGE__-
>register_method({
576 name
=> 'destroy_vm',
581 description
=> "Destroy the container (also delete all uses files).",
583 check
=> [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
586 additionalProperties
=> 0,
588 node
=> get_standard_option
('pve-node'),
589 vmid
=> get_standard_option
('pve-vmid'),
598 my $rpcenv = PVE
::RPCEnvironment
::get
();
600 my $authuser = $rpcenv->get_user();
602 my $vmid = $param->{vmid
};
604 # test if container exists
605 my $conf = PVE
::LXC
::load_config
($vmid);
607 my $storage_cfg = cfs_read_file
("storage.cfg");
610 # reload config after lock
611 $conf = PVE
::LXC
::load_config
($vmid);
612 PVE
::LXC
::check_lock
($conf);
614 PVE
::LXC
::destory_lxc_container
($storage_cfg, $vmid, $conf);
615 PVE
::AccessControl
::remove_vm_from_pool
($vmid);
618 my $realcmd = sub { PVE
::LXC
::lock_container
($vmid, 1, $code); };
620 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
625 __PACKAGE__-
>register_method ({
627 path
=> '{vmid}/vncproxy',
631 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
633 description
=> "Creates a TCP VNC proxy connections.",
635 additionalProperties
=> 0,
637 node
=> get_standard_option
('pve-node'),
638 vmid
=> get_standard_option
('pve-vmid'),
642 description
=> "use websocket instead of standard VNC.",
647 additionalProperties
=> 0,
649 user
=> { type
=> 'string' },
650 ticket
=> { type
=> 'string' },
651 cert
=> { type
=> 'string' },
652 port
=> { type
=> 'integer' },
653 upid
=> { type
=> 'string' },
659 my $rpcenv = PVE
::RPCEnvironment
::get
();
661 my $authuser = $rpcenv->get_user();
663 my $vmid = $param->{vmid
};
664 my $node = $param->{node
};
666 my $authpath = "/vms/$vmid";
668 my $ticket = PVE
::AccessControl
::assemble_vnc_ticket
($authuser, $authpath);
670 $sslcert = PVE
::Tools
::file_get_contents
("/etc/pve/pve-root-ca.pem", 8192)
673 my ($remip, $family);
675 if ($node ne PVE
::INotify
::nodename
()) {
676 ($remip, $family) = PVE
::Cluster
::remote_node_ip
($node);
678 $family = PVE
::Tools
::get_host_address_family
($node);
681 my $port = PVE
::Tools
::next_vnc_port
($family);
683 # NOTE: vncterm VNC traffic is already TLS encrypted,
684 # so we select the fastest chipher here (or 'none'?)
685 my $remcmd = $remip ?
686 ['/usr/bin/ssh', '-t', $remip] : [];
688 my $shcmd = [ '/usr/bin/dtach', '-A',
689 "/var/run/dtach/vzctlconsole$vmid",
691 'lxc-console', '-n', $vmid ];
696 syslog
('info', "starting lxc vnc proxy $upid\n");
700 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
701 '-timeout', $timeout, '-authpath', $authpath,
702 '-perm', 'VM.Console'];
704 if ($param->{websocket
}) {
705 $ENV{PVE_VNC_TICKET
} = $ticket; # pass ticket to vncterm
706 push @$cmd, '-notls', '-listen', 'localhost';
709 push @$cmd, '-c', @$remcmd, @$shcmd;
716 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
718 PVE
::Tools
::wait_for_vnc_port
($port);
729 __PACKAGE__-
>register_method({
730 name
=> 'vncwebsocket',
731 path
=> '{vmid}/vncwebsocket',
734 description
=> "You also need to pass a valid ticket (vncticket).",
735 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
737 description
=> "Opens a weksocket for VNC traffic.",
739 additionalProperties
=> 0,
741 node
=> get_standard_option
('pve-node'),
742 vmid
=> get_standard_option
('pve-vmid'),
744 description
=> "Ticket from previous call to vncproxy.",
749 description
=> "Port number returned by previous vncproxy call.",
759 port
=> { type
=> 'string' },
765 my $rpcenv = PVE
::RPCEnvironment
::get
();
767 my $authuser = $rpcenv->get_user();
769 my $authpath = "/vms/$param->{vmid}";
771 PVE
::AccessControl
::verify_vnc_ticket
($param->{vncticket
}, $authuser, $authpath);
773 my $port = $param->{port
};
775 return { port
=> $port };
778 __PACKAGE__-
>register_method ({
779 name
=> 'spiceproxy',
780 path
=> '{vmid}/spiceproxy',
785 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
787 description
=> "Returns a SPICE configuration to connect to the CT.",
789 additionalProperties
=> 0,
791 node
=> get_standard_option
('pve-node'),
792 vmid
=> get_standard_option
('pve-vmid'),
793 proxy
=> get_standard_option
('spice-proxy', { optional
=> 1 }),
796 returns
=> get_standard_option
('remote-viewer-config'),
800 my $vmid = $param->{vmid
};
801 my $node = $param->{node
};
802 my $proxy = $param->{proxy
};
804 my $authpath = "/vms/$vmid";
805 my $permissions = 'VM.Console';
807 my $shcmd = ['/usr/bin/dtach', '-A',
808 "/var/run/dtach/vzctlconsole$vmid",
810 'lxc-console', '-n', $vmid];
812 my $title = "CT $vmid";
814 return PVE
::API2Tools
::run_spiceterm
($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
817 __PACKAGE__-
>register_method({
819 path
=> '{vmid}/status',
822 description
=> "Directory index",
827 additionalProperties
=> 0,
829 node
=> get_standard_option
('pve-node'),
830 vmid
=> get_standard_option
('pve-vmid'),
838 subdir
=> { type
=> 'string' },
841 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
847 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
850 { subdir
=> 'current' },
851 { subdir
=> 'start' },
852 { subdir
=> 'stop' },
853 { subdir
=> 'shutdown' },
854 { subdir
=> 'migrate' },
860 __PACKAGE__-
>register_method({
862 path
=> '{vmid}/status/current',
865 protected
=> 1, # openvz /proc entries are only readable by root
866 description
=> "Get virtual machine status.",
868 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
871 additionalProperties
=> 0,
873 node
=> get_standard_option
('pve-node'),
874 vmid
=> get_standard_option
('pve-vmid'),
877 returns
=> { type
=> 'object' },
882 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
884 my $vmstatus = PVE
::LXC
::vmstatus
($param->{vmid
});
885 my $status = $vmstatus->{$param->{vmid
}};
887 $status->{ha
} = PVE
::HA
::Config
::vm_is_ha_managed
($param->{vmid
}) ?
1 : 0;
892 __PACKAGE__-
>register_method({
894 path
=> '{vmid}/status/start',
898 description
=> "Start the container.",
900 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
903 additionalProperties
=> 0,
905 node
=> get_standard_option
('pve-node'),
906 vmid
=> get_standard_option
('pve-vmid'),
915 my $rpcenv = PVE
::RPCEnvironment
::get
();
917 my $authuser = $rpcenv->get_user();
919 my $node = extract_param
($param, 'node');
921 my $vmid = extract_param
($param, 'vmid');
923 die "CT $vmid already running\n" if PVE
::LXC
::check_running
($vmid);
925 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
930 my $service = "ct:$vmid";
932 my $cmd = ['ha-manager', 'enable', $service];
934 print "Executing HA start for CT $vmid\n";
936 PVE
::Tools
::run_command
($cmd);
941 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
948 syslog
('info', "starting CT $vmid: $upid\n");
950 my $conf = PVE
::LXC
::load_config
($vmid);
951 my $stcfg = cfs_read_file
("storage.cfg");
952 if (my $sid = &$get_container_storage($stcfg, $vmid, $conf)) {
953 PVE
::Storage
::activate_storage
($stcfg, $sid);
956 my $cmd = ['lxc-start', '-n', $vmid];
963 return $rpcenv->fork_worker('vzstart', $vmid, $authuser, $realcmd);
967 __PACKAGE__-
>register_method({
969 path
=> '{vmid}/status/stop',
973 description
=> "Stop the container.",
975 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
978 additionalProperties
=> 0,
980 node
=> get_standard_option
('pve-node'),
981 vmid
=> get_standard_option
('pve-vmid'),
990 my $rpcenv = PVE
::RPCEnvironment
::get
();
992 my $authuser = $rpcenv->get_user();
994 my $node = extract_param
($param, 'node');
996 my $vmid = extract_param
($param, 'vmid');
998 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
1000 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
1005 my $service = "ct:$vmid";
1007 my $cmd = ['ha-manager', 'disable', $service];
1009 print "Executing HA stop for CT $vmid\n";
1011 PVE
::Tools
::run_command
($cmd);
1016 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1023 syslog
('info', "stoping CT $vmid: $upid\n");
1025 my $cmd = ['lxc-stop', '-n', $vmid, '--kill'];
1032 return $rpcenv->fork_worker('vzstop', $vmid, $authuser, $realcmd);
1036 __PACKAGE__-
>register_method({
1037 name
=> 'vm_shutdown',
1038 path
=> '{vmid}/status/shutdown',
1042 description
=> "Shutdown the container.",
1044 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1047 additionalProperties
=> 0,
1049 node
=> get_standard_option
('pve-node'),
1050 vmid
=> get_standard_option
('pve-vmid'),
1052 description
=> "Wait maximal timeout seconds.",
1059 description
=> "Make sure the Container stops.",
1072 my $rpcenv = PVE
::RPCEnvironment
::get
();
1074 my $authuser = $rpcenv->get_user();
1076 my $node = extract_param
($param, 'node');
1078 my $vmid = extract_param
($param, 'vmid');
1080 my $timeout = extract_param
($param, 'timeout');
1082 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
1087 syslog
('info', "shutdown CT $vmid: $upid\n");
1089 my $cmd = ['lxc-stop', '-n', $vmid];
1091 $timeout = 60 if !defined($timeout);
1093 push @$cmd, '--timeout', $timeout;
1095 eval { run_command
($cmd, timeout
=> $timeout+5); };
1099 die $err if !$param->{forceStop
};
1101 warn "shutdown failed - forcing stop now\n";
1103 push @$cmd, '--kill';
1109 my $upid = $rpcenv->fork_worker('vzshutdown', $vmid, $authuser, $realcmd);
1114 __PACKAGE__-
>register_method({
1115 name
=> 'vm_suspend',
1116 path
=> '{vmid}/status/suspend',
1120 description
=> "Suspend the container.",
1122 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1125 additionalProperties
=> 0,
1127 node
=> get_standard_option
('pve-node'),
1128 vmid
=> get_standard_option
('pve-vmid'),
1137 my $rpcenv = PVE
::RPCEnvironment
::get
();
1139 my $authuser = $rpcenv->get_user();
1141 my $node = extract_param
($param, 'node');
1143 my $vmid = extract_param
($param, 'vmid');
1145 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
1150 syslog
('info', "suspend CT $vmid: $upid\n");
1152 my $cmd = ['lxc-checkpoint', '-n', $vmid, '-s', '-D', '/var/liv/vz/dump'];
1159 my $upid = $rpcenv->fork_worker('vzsuspend', $vmid, $authuser, $realcmd);
1164 __PACKAGE__-
>register_method({
1165 name
=> 'vm_resume',
1166 path
=> '{vmid}/status/resume',
1170 description
=> "Resume the container.",
1172 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1175 additionalProperties
=> 0,
1177 node
=> get_standard_option
('pve-node'),
1178 vmid
=> get_standard_option
('pve-vmid'),
1187 my $rpcenv = PVE
::RPCEnvironment
::get
();
1189 my $authuser = $rpcenv->get_user();
1191 my $node = extract_param
($param, 'node');
1193 my $vmid = extract_param
($param, 'vmid');
1195 die "CT $vmid already running\n" if PVE
::LXC
::check_running
($vmid);
1200 syslog
('info', "resume CT $vmid: $upid\n");
1202 my $cmd = ['lxc-checkpoint', '-n', $vmid, '-r', '--foreground',
1203 '-D', '/var/liv/vz/dump'];
1210 my $upid = $rpcenv->fork_worker('vzresume', $vmid, $authuser, $realcmd);
1215 __PACKAGE__-
>register_method({
1216 name
=> 'migrate_vm',
1217 path
=> '{vmid}/migrate',
1221 description
=> "Migrate the container to another node. Creates a new migration task.",
1223 check
=> ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
1226 additionalProperties
=> 0,
1228 node
=> get_standard_option
('pve-node'),
1229 vmid
=> get_standard_option
('pve-vmid'),
1230 target
=> get_standard_option
('pve-node', { description
=> "Target node." }),
1233 description
=> "Use online/live migration.",
1240 description
=> "the task ID.",
1245 my $rpcenv = PVE
::RPCEnvironment
::get
();
1247 my $authuser = $rpcenv->get_user();
1249 my $target = extract_param
($param, 'target');
1251 my $localnode = PVE
::INotify
::nodename
();
1252 raise_param_exc
({ target
=> "target is local node."}) if $target eq $localnode;
1254 PVE
::Cluster
::check_cfs_quorum
();
1256 PVE
::Cluster
::check_node_exists
($target);
1258 my $targetip = PVE
::Cluster
::remote_node_ip
($target);
1260 my $vmid = extract_param
($param, 'vmid');
1263 PVE
::LXC
::load_config
($vmid);
1265 # try to detect errors early
1266 if (PVE
::LXC
::check_running
($vmid)) {
1267 die "cant migrate running container without --online\n"
1268 if !$param->{online
};
1271 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
1276 my $service = "ct:$vmid";
1278 my $cmd = ['ha-manager', 'migrate', $service, $target];
1280 print "Executing HA migrate for CT $vmid to node $target\n";
1282 PVE
::Tools
::run_command
($cmd);
1287 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
1294 # fixme: implement lxc container migration
1295 die "lxc container migration not implemented\n";
1300 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd);
1304 __PACKAGE__-
>register_method({
1306 path
=> '{vmid}/snapshot',
1310 description
=> "Snapshot a container.",
1312 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1315 additionalProperties
=> 0,
1317 node
=> get_standard_option
('pve-node'),
1318 vmid
=> get_standard_option
('pve-vmid'),
1319 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1323 description
=> "Save the vmstate",
1328 description
=> "A textual description or comment.",
1334 description
=> "the task ID.",
1339 my $rpcenv = PVE
::RPCEnvironment
::get
();
1341 my $authuser = $rpcenv->get_user();
1343 my $node = extract_param
($param, 'node');
1345 my $vmid = extract_param
($param, 'vmid');
1347 my $snapname = extract_param
($param, 'snapname');
1349 die "unable to use snapshot name 'current' (reserved name)\n"
1350 if $snapname eq 'current';
1353 PVE
::Cluster
::log_msg
('info', $authuser, "snapshot container $vmid: $snapname");
1354 PVE
::LXC
::snapshot_create
($vmid, $snapname, $param->{description
});
1357 return $rpcenv->fork_worker('pctsnapshot', $vmid, $authuser, $realcmd);
1360 __PACKAGE__-
>register_method({
1361 name
=> 'delsnapshot',
1362 path
=> '{vmid}/snapshot/{snapname}',
1366 description
=> "Delete a LXC snapshot.",
1368 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1371 additionalProperties
=> 0,
1373 node
=> get_standard_option
('pve-node'),
1374 vmid
=> get_standard_option
('pve-vmid'),
1375 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1379 description
=> "For removal from config file, even if removing disk snapshots fails.",
1385 description
=> "the task ID.",
1390 my $rpcenv = PVE
::RPCEnvironment
::get
();
1392 my $authuser = $rpcenv->get_user();
1394 my $node = extract_param
($param, 'node');
1396 my $vmid = extract_param
($param, 'vmid');
1398 my $snapname = extract_param
($param, 'snapname');
1401 PVE
::Cluster
::log_msg
('info', $authuser, "delete snapshot VM $vmid: $snapname");
1402 PVE
::LXC
::snapshot_delete
($vmid, $snapname, $param->{force
});
1405 return $rpcenv->fork_worker('lxcdelsnapshot', $vmid, $authuser, $realcmd);
1408 __PACKAGE__-
>register_method({
1410 path
=> '{vmid}/snapshot/{snapname}/rollback',
1414 description
=> "Rollback LXC state to specified snapshot.",
1416 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1419 additionalProperties
=> 0,
1421 node
=> get_standard_option
('pve-node'),
1422 vmid
=> get_standard_option
('pve-vmid'),
1423 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1428 description
=> "the task ID.",
1433 my $rpcenv = PVE
::RPCEnvironment
::get
();
1435 my $authuser = $rpcenv->get_user();
1437 my $node = extract_param
($param, 'node');
1439 my $vmid = extract_param
($param, 'vmid');
1441 my $snapname = extract_param
($param, 'snapname');
1444 PVE
::Cluster
::log_msg
('info', $authuser, "rollback snapshot LXC $vmid: $snapname");
1445 PVE
::LXC
::snapshot_rollback
($vmid, $snapname);
1448 return $rpcenv->fork_worker('lxcrollback', $vmid, $authuser, $realcmd);
1451 __PACKAGE__-
>register_method({
1452 name
=> 'snapshot_list',
1453 path
=> '{vmid}/snapshot',
1455 description
=> "List all snapshots.",
1457 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1460 protected
=> 1, # lxc pid files are only readable by root
1462 additionalProperties
=> 0,
1464 vmid
=> get_standard_option
('pve-vmid'),
1465 node
=> get_standard_option
('pve-node'),
1474 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
1479 my $vmid = $param->{vmid
};
1481 my $conf = PVE
::LXC
::load_config
($vmid);
1482 my $snaphash = $conf->{snapshots
} || {};
1486 foreach my $name (keys %$snaphash) {
1487 my $d = $snaphash->{$name};
1490 snaptime
=> $d->{'pve.snaptime'} || 0,
1491 description
=> $d->{'pve.snapcomment'} || '',
1493 $item->{parent
} = $d->{'pve.parent'} if $d->{'pve.parent'};
1494 $item->{snapstate
} = $d->{'pve.snapstate'} if $d->{'pve.snapstate'};
1498 my $running = PVE
::LXC
::check_running
($vmid) ?
1 : 0;
1499 my $current = { name
=> 'current', digest
=> $conf->{digest
}, running
=> $running };
1500 $current->{parent
} = $conf->{'pve.parent'} if $conf->{'pve.parent'};
1502 push @$res, $current;
1507 __PACKAGE__-
>register_method({
1508 name
=> 'snapshot_cmd_idx',
1509 path
=> '{vmid}/snapshot/{snapname}',
1516 additionalProperties
=> 0,
1518 vmid
=> get_standard_option
('pve-vmid'),
1519 node
=> get_standard_option
('pve-node'),
1520 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1529 links
=> [ { rel
=> 'child', href
=> "{cmd}" } ],
1536 push @$res, { cmd
=> 'rollback' };
1537 push @$res, { cmd
=> 'config' };
1542 __PACKAGE__-
>register_method({
1543 name
=> 'update_snapshot_config',
1544 path
=> '{vmid}/snapshot/{snapname}/config',
1548 description
=> "Update snapshot metadata.",
1550 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1553 additionalProperties
=> 0,
1555 node
=> get_standard_option
('pve-node'),
1556 vmid
=> get_standard_option
('pve-vmid'),
1557 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1561 description
=> "A textual description or comment.",
1565 returns
=> { type
=> 'null' },
1569 my $rpcenv = PVE
::RPCEnvironment
::get
();
1571 my $authuser = $rpcenv->get_user();
1573 my $vmid = extract_param
($param, 'vmid');
1575 my $snapname = extract_param
($param, 'snapname');
1577 return undef if !defined($param->{description
});
1579 my $updatefn = sub {
1581 my $conf = PVE
::LXC
::load_config
($vmid);
1582 PVE
::LXC
::check_lock
($conf);
1584 my $snap = $conf->{snapshots
}->{$snapname};
1586 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1588 $snap->{'pve.snapcomment'} = $param->{description
} if defined($param->{description
});
1590 PVE
::LXC
::write_config
($vmid, $conf, 1);
1593 PVE
::LXC
::lock_container
($vmid, 10, $updatefn);
1598 __PACKAGE__-
>register_method({
1599 name
=> 'get_snapshot_config',
1600 path
=> '{vmid}/snapshot/{snapname}/config',
1603 description
=> "Get snapshot configuration",
1605 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1608 additionalProperties
=> 0,
1610 node
=> get_standard_option
('pve-node'),
1611 vmid
=> get_standard_option
('pve-vmid'),
1612 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1615 returns
=> { type
=> "object" },
1619 my $rpcenv = PVE
::RPCEnvironment
::get
();
1621 my $authuser = $rpcenv->get_user();
1623 my $vmid = extract_param
($param, 'vmid');
1625 my $snapname = extract_param
($param, 'snapname');
1627 my $lxc_conf = PVE
::LXC
::load_config
($vmid);
1629 my $snap = $lxc_conf->{snapshots
}->{$snapname};
1631 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1633 my $conf = PVE
::LXC
::lxc_conf_to_pve
($param->{vmid
}, $snap);
1638 __PACKAGE__-
>register_method({
1639 name
=> 'vm_feature',
1640 path
=> '{vmid}/feature',
1644 description
=> "Check if feature for virtual machine is available.",
1646 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1649 additionalProperties
=> 0,
1651 node
=> get_standard_option
('pve-node'),
1652 vmid
=> get_standard_option
('pve-vmid'),
1654 description
=> "Feature to check.",
1656 enum
=> [ 'snapshot' ],
1658 snapname
=> get_standard_option
('pve-lxc-snapshot-name', {
1666 hasFeature
=> { type
=> 'boolean' },
1669 #items => { type => 'string' },
1676 my $node = extract_param
($param, 'node');
1678 my $vmid = extract_param
($param, 'vmid');
1680 my $snapname = extract_param
($param, 'snapname');
1682 my $feature = extract_param
($param, 'feature');
1684 my $conf = PVE
::LXC
::load_config
($vmid);
1687 my $snap = $conf->{snapshots
}->{$snapname};
1688 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1691 my $storecfg = PVE
::Storage
::config
();
1692 #Maybe include later
1693 #my $nodelist = PVE::LXC::shared_nodes($conf, $storecfg);
1694 my $hasFeature = PVE
::LXC
::has_feature
($feature, $conf, $storecfg, $snapname);
1697 hasFeature
=> $hasFeature,
1698 #nodes => [ keys %$nodelist ],