]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
1 package PVE
::API2
::LXC
;
7 use PVE
::Tools
qw(extract_param run_command);
8 use PVE
::Exception
qw(raise raise_param_exc);
10 use PVE
::Cluster
qw(cfs_read_file);
11 use PVE
::AccessControl
;
14 use PVE
::RPCEnvironment
;
18 use PVE
::JSONSchema
qw(get_standard_option);
19 use base
qw(PVE::RESTHandler);
21 use Data
::Dumper
; # fixme: remove
23 my $get_container_storage = sub {
24 my ($stcfg, $vmid, $lxc_conf) = @_;
26 if (my $volid = $lxc_conf->{'pve.volid'}) {
27 my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid);
28 return wantarray ?
($sid, $volname) : $sid;
30 my $path = $lxc_conf->{'lxc.rootfs'};
31 my ($vtype, $volid) = PVE
::Storage
::path_to_volume_id
($stcfg, $path);
32 my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1) if $volid;
33 return wantarray ?
($sid, $volname, $path) : $sid;
37 my $check_ct_modify_config_perm = sub {
38 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
40 return 1 if $authuser ne 'root@pam';
42 foreach my $opt (@$key_list) {
44 if ($opt eq 'cpus' || $opt eq 'cpuunits' || $opt eq 'cpulimit') {
45 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
46 } elsif ($opt eq 'disk') {
47 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
48 } elsif ($opt eq 'memory' || $opt eq 'swap') {
49 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
50 } elsif ($opt =~ m/^net\d+$/ || $opt eq 'nameserver' ||
51 $opt eq 'searchdomain' || $opt eq 'hostname') {
52 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
54 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
61 PVE
::JSONSchema
::register_standard_option
('pve-lxc-snapshot-name', {
62 description
=> "The name of the snapshot.",
63 type
=> 'string', format
=> 'pve-configid',
67 __PACKAGE__-
>register_method({
71 description
=> "LXC container index (per node).",
73 description
=> "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
77 protected
=> 1, # /proc files are only readable by root
79 additionalProperties
=> 0,
81 node
=> get_standard_option
('pve-node'),
90 links
=> [ { rel
=> 'child', href
=> "{vmid}" } ],
95 my $rpcenv = PVE
::RPCEnvironment
::get
();
96 my $authuser = $rpcenv->get_user();
98 my $vmstatus = PVE
::LXC
::vmstatus
();
101 foreach my $vmid (keys %$vmstatus) {
102 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
104 my $data = $vmstatus->{$vmid};
105 $data->{vmid
} = $vmid;
113 __PACKAGE__-
>register_method({
117 description
=> "Create or restore a container.",
119 user
=> 'all', # check inside
120 description
=> "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
121 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
122 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
127 additionalProperties
=> 0,
128 properties
=> PVE
::LXC
::json_config_properties
({
129 node
=> get_standard_option
('pve-node'),
130 vmid
=> get_standard_option
('pve-vmid'),
132 description
=> "The OS template or backup file.",
139 description
=> "Sets root password inside container.",
142 storage
=> get_standard_option
('pve-storage-id', {
143 description
=> "Target storage.",
150 description
=> "Allow to overwrite existing container.",
155 description
=> "Mark this as restore task.",
159 type
=> 'string', format
=> 'pve-poolid',
160 description
=> "Add the VM to the specified pool.",
170 my $rpcenv = PVE
::RPCEnvironment
::get
();
172 my $authuser = $rpcenv->get_user();
174 my $node = extract_param
($param, 'node');
176 my $vmid = extract_param
($param, 'vmid');
178 my $basecfg_fn = PVE
::LXC
::config_file
($vmid);
180 my $same_container_exists = -f
$basecfg_fn;
182 my $restore = extract_param
($param, 'restore');
185 # fixme: limit allowed parameters
189 my $force = extract_param
($param, 'force');
191 if (!($same_container_exists && $restore && $force)) {
192 PVE
::Cluster
::check_vmid_unused
($vmid);
195 my $password = extract_param
($param, 'password');
197 my $storage = extract_param
($param, 'storage') || 'local';
199 my $pool = extract_param
($param, 'pool');
201 my $storage_cfg = cfs_read_file
("storage.cfg");
203 my $scfg = PVE
::Storage
::storage_check_node
($storage_cfg, $storage, $node);
205 raise_param_exc
({ storage
=> "storage '$storage' does not support container root directories"})
206 if !$scfg->{content
}->{rootdir
};
208 if (defined($pool)) {
209 $rpcenv->check_pool_exist($pool);
210 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
213 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
215 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
217 } elsif ($restore && $force && $same_container_exists &&
218 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
219 # OK: user has VM.Backup permissions, and want to restore an existing VM
224 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
226 PVE
::Storage
::activate_storage
($storage_cfg, $storage);
228 my $ostemplate = extract_param
($param, 'ostemplate');
232 if ($ostemplate eq '-') {
233 die "pipe requires cli environment\n"
234 if $rpcenv->{type
} ne 'cli';
235 die "pipe can only be used with restore tasks\n"
239 $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate);
240 $archive = PVE
::Storage
::abs_filesystem_path
($storage_cfg, $ostemplate);
246 $conf = PVE
::LXCCreate
::recover_config
($archive, $conf);
247 PVE
::LXC
::lxc_config_change_vmid
($conf, $vmid);
250 $param->{hostname
} ||= "CT$vmid" if !defined($conf->{'lxc.utsname'});
251 $param->{memory
} ||= 512 if !defined($conf->{'lxc.cgroup.memory.limit_in_bytes'});
252 $param->{swap
} //= 512 if !defined($conf->{'lxc.cgroup.memory.memsw.limit_in_bytes'});
254 PVE
::LXC
::update_lxc_config
($vmid, $conf, 0, $param);
256 # assigng default names, so that we can configure network with LXCSetup
257 foreach my $k (keys %$conf) {
258 next if $k !~ m/^net(\d+)$/;
261 $d->{name
} = "eth$ind"; # fixme: do not overwrite settings!
264 # use user namespace ?
265 # disable for now, because kernel 3.10.0 does not support it
266 #$conf->{'lxc.id_map'} = ["u 0 100000 65536", "g 0 100000 65536"];
268 my $check_vmid_usage = sub {
270 die "cant overwrite running container\n"
271 if PVE
::LXC
::check_running
($vmid);
273 PVE
::Cluster
::check_vmid_unused
($vmid);
278 if ($restore && ($ostemplate =~ m/openvz/) ) {
279 print "###########################################################\n";
280 print "Restore from OpenVZ please check the config and add network\n";
281 print "###########################################################\n";
284 &$check_vmid_usage(); # final check after locking
286 PVE
::Cluster
::check_cfs_quorum
();
288 PVE
::LXCCreate
::create_rootfs
($storage_cfg, $storage, $param->{disk
}, $vmid, $conf,
289 $archive, $password, $restore);
292 my $realcmd = sub { PVE
::LXC
::lock_container
($vmid, 1, $code); };
294 &$check_vmid_usage(); # first check before locking
296 return $rpcenv->fork_worker($restore ?
'vzrestore' : 'vzcreate',
297 $vmid, $authuser, $realcmd);
301 my $vm_config_perm_list = [
309 __PACKAGE__-
>register_method({
311 path
=> '{vmid}/config',
315 description
=> "Set container options.",
317 check
=> ['perm', '/vms/{vmid}', $vm_config_perm_list, any
=> 1],
320 additionalProperties
=> 0,
321 properties
=> PVE
::LXC
::json_config_properties
(
323 node
=> get_standard_option
('pve-node'),
324 vmid
=> get_standard_option
('pve-vmid'),
326 type
=> 'string', format
=> 'pve-configid-list',
327 description
=> "A list of settings you want to delete.",
332 description
=> 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
338 returns
=> { type
=> 'null'},
342 my $rpcenv = PVE
::RPCEnvironment
::get
();
344 my $authuser = $rpcenv->get_user();
346 my $node = extract_param
($param, 'node');
348 my $vmid = extract_param
($param, 'vmid');
350 my $digest = extract_param
($param, 'digest');
352 die "no options specified\n" if !scalar(keys %$param);
354 my $delete_str = extract_param
($param, 'delete');
355 my @delete = PVE
::Tools
::split_list
($delete_str);
357 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
359 foreach my $opt (@delete) {
360 raise_param_exc
({ delete => "you can't use '-$opt' and " .
361 "-delete $opt' at the same time" })
362 if defined($param->{$opt});
364 if (!PVE
::LXC
::option_exists
($opt)) {
365 raise_param_exc
({ delete => "unknown option '$opt'" });
369 &$check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
373 my $conf = PVE
::LXC
::load_config
($vmid);
374 PVE
::LXC
::check_lock
($conf);
376 PVE
::Tools
::assert_if_modified
($digest, $conf->{digest
});
378 my $running = PVE
::LXC
::check_running
($vmid);
380 PVE
::LXC
::update_lxc_config
($vmid, $conf, $running, $param, \
@delete);
382 PVE
::LXC
::write_config
($vmid, $conf);
385 PVE
::LXC
::lock_container
($vmid, undef, $code);
390 __PACKAGE__-
>register_method ({
391 subclass
=> "PVE::API2::Firewall::CT",
392 path
=> '{vmid}/firewall',
395 __PACKAGE__-
>register_method({
400 description
=> "Directory index",
405 additionalProperties
=> 0,
407 node
=> get_standard_option
('pve-node'),
408 vmid
=> get_standard_option
('pve-vmid'),
416 subdir
=> { type
=> 'string' },
419 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
425 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
428 { subdir
=> 'config' },
429 { subdir
=> 'status' },
430 { subdir
=> 'vncproxy' },
431 { subdir
=> 'vncwebsocket' },
432 { subdir
=> 'spiceproxy' },
433 { subdir
=> 'migrate' },
434 # { subdir => 'initlog' },
436 { subdir
=> 'rrddata' },
437 { subdir
=> 'firewall' },
438 { subdir
=> 'snapshot' },
444 __PACKAGE__-
>register_method({
446 path
=> '{vmid}/rrd',
448 protected
=> 1, # fixme: can we avoid that?
450 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
452 description
=> "Read VM RRD statistics (returns PNG)",
454 additionalProperties
=> 0,
456 node
=> get_standard_option
('pve-node'),
457 vmid
=> get_standard_option
('pve-vmid'),
459 description
=> "Specify the time frame you are interested in.",
461 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
464 description
=> "The list of datasources you want to display.",
465 type
=> 'string', format
=> 'pve-configid-list',
468 description
=> "The RRD consolidation function",
470 enum
=> [ 'AVERAGE', 'MAX' ],
478 filename
=> { type
=> 'string' },
484 return PVE
::Cluster
::create_rrd_graph
(
485 "pve2-vm/$param->{vmid}", $param->{timeframe
},
486 $param->{ds
}, $param->{cf
});
490 __PACKAGE__-
>register_method({
492 path
=> '{vmid}/rrddata',
494 protected
=> 1, # fixme: can we avoid that?
496 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
498 description
=> "Read VM RRD statistics",
500 additionalProperties
=> 0,
502 node
=> get_standard_option
('pve-node'),
503 vmid
=> get_standard_option
('pve-vmid'),
505 description
=> "Specify the time frame you are interested in.",
507 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
510 description
=> "The RRD consolidation function",
512 enum
=> [ 'AVERAGE', 'MAX' ],
527 return PVE
::Cluster
::create_rrd_data
(
528 "pve2-vm/$param->{vmid}", $param->{timeframe
}, $param->{cf
});
532 __PACKAGE__-
>register_method({
534 path
=> '{vmid}/config',
537 description
=> "Get container configuration.",
539 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
542 additionalProperties
=> 0,
544 node
=> get_standard_option
('pve-node'),
545 vmid
=> get_standard_option
('pve-vmid'),
553 description
=> 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
560 my $lxc_conf = PVE
::LXC
::load_config
($param->{vmid
});
562 # NOTE: we only return selected/converted values
564 my $conf = PVE
::LXC
::lxc_conf_to_pve
($param->{vmid
}, $lxc_conf);
566 my $stcfg = PVE
::Cluster
::cfs_read_file
("storage.cfg");
568 my ($sid, undef, $path) = &$get_container_storage($stcfg, $param->{vmid
}, $lxc_conf);
569 $conf->{storage
} = $sid || $path;
574 __PACKAGE__-
>register_method({
575 name
=> 'destroy_vm',
580 description
=> "Destroy the container (also delete all uses files).",
582 check
=> [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
585 additionalProperties
=> 0,
587 node
=> get_standard_option
('pve-node'),
588 vmid
=> get_standard_option
('pve-vmid'),
597 my $rpcenv = PVE
::RPCEnvironment
::get
();
599 my $authuser = $rpcenv->get_user();
601 my $vmid = $param->{vmid
};
603 # test if container exists
604 my $conf = PVE
::LXC
::load_config
($vmid);
606 my $storage_cfg = cfs_read_file
("storage.cfg");
609 # reload config after lock
610 $conf = PVE
::LXC
::load_config
($vmid);
611 PVE
::LXC
::check_lock
($conf);
613 PVE
::LXC
::destory_lxc_container
($storage_cfg, $vmid, $conf);
614 PVE
::AccessControl
::remove_vm_from_pool
($vmid);
617 my $realcmd = sub { PVE
::LXC
::lock_container
($vmid, 1, $code); };
619 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
624 __PACKAGE__-
>register_method ({
626 path
=> '{vmid}/vncproxy',
630 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
632 description
=> "Creates a TCP VNC proxy connections.",
634 additionalProperties
=> 0,
636 node
=> get_standard_option
('pve-node'),
637 vmid
=> get_standard_option
('pve-vmid'),
641 description
=> "use websocket instead of standard VNC.",
646 additionalProperties
=> 0,
648 user
=> { type
=> 'string' },
649 ticket
=> { type
=> 'string' },
650 cert
=> { type
=> 'string' },
651 port
=> { type
=> 'integer' },
652 upid
=> { type
=> 'string' },
658 my $rpcenv = PVE
::RPCEnvironment
::get
();
660 my $authuser = $rpcenv->get_user();
662 my $vmid = $param->{vmid
};
663 my $node = $param->{node
};
665 my $authpath = "/vms/$vmid";
667 my $ticket = PVE
::AccessControl
::assemble_vnc_ticket
($authuser, $authpath);
669 $sslcert = PVE
::Tools
::file_get_contents
("/etc/pve/pve-root-ca.pem", 8192)
672 my ($remip, $family);
674 if ($node ne PVE
::INotify
::nodename
()) {
675 ($remip, $family) = PVE
::Cluster
::remote_node_ip
($node);
677 $family = PVE
::Tools
::get_host_address_family
($node);
680 my $port = PVE
::Tools
::next_vnc_port
($family);
682 # NOTE: vncterm VNC traffic is already TLS encrypted,
683 # so we select the fastest chipher here (or 'none'?)
684 my $remcmd = $remip ?
685 ['/usr/bin/ssh', '-t', $remip] : [];
687 my $shcmd = [ '/usr/bin/dtach', '-A',
688 "/var/run/dtach/vzctlconsole$vmid",
690 'lxc-console', '-n', $vmid ];
695 syslog
('info', "starting lxc vnc proxy $upid\n");
699 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
700 '-timeout', $timeout, '-authpath', $authpath,
701 '-perm', 'VM.Console'];
703 if ($param->{websocket
}) {
704 $ENV{PVE_VNC_TICKET
} = $ticket; # pass ticket to vncterm
705 push @$cmd, '-notls', '-listen', 'localhost';
708 push @$cmd, '-c', @$remcmd, @$shcmd;
715 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
717 PVE
::Tools
::wait_for_vnc_port
($port);
728 __PACKAGE__-
>register_method({
729 name
=> 'vncwebsocket',
730 path
=> '{vmid}/vncwebsocket',
733 description
=> "You also need to pass a valid ticket (vncticket).",
734 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
736 description
=> "Opens a weksocket for VNC traffic.",
738 additionalProperties
=> 0,
740 node
=> get_standard_option
('pve-node'),
741 vmid
=> get_standard_option
('pve-vmid'),
743 description
=> "Ticket from previous call to vncproxy.",
748 description
=> "Port number returned by previous vncproxy call.",
758 port
=> { type
=> 'string' },
764 my $rpcenv = PVE
::RPCEnvironment
::get
();
766 my $authuser = $rpcenv->get_user();
768 my $authpath = "/vms/$param->{vmid}";
770 PVE
::AccessControl
::verify_vnc_ticket
($param->{vncticket
}, $authuser, $authpath);
772 my $port = $param->{port
};
774 return { port
=> $port };
777 __PACKAGE__-
>register_method ({
778 name
=> 'spiceproxy',
779 path
=> '{vmid}/spiceproxy',
784 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
786 description
=> "Returns a SPICE configuration to connect to the CT.",
788 additionalProperties
=> 0,
790 node
=> get_standard_option
('pve-node'),
791 vmid
=> get_standard_option
('pve-vmid'),
792 proxy
=> get_standard_option
('spice-proxy', { optional
=> 1 }),
795 returns
=> get_standard_option
('remote-viewer-config'),
799 my $vmid = $param->{vmid
};
800 my $node = $param->{node
};
801 my $proxy = $param->{proxy
};
803 my $authpath = "/vms/$vmid";
804 my $permissions = 'VM.Console';
806 my $shcmd = ['/usr/bin/dtach', '-A',
807 "/var/run/dtach/vzctlconsole$vmid",
809 'lxc-console', '-n', $vmid];
811 my $title = "CT $vmid";
813 return PVE
::API2Tools
::run_spiceterm
($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
816 __PACKAGE__-
>register_method({
818 path
=> '{vmid}/status',
821 description
=> "Directory index",
826 additionalProperties
=> 0,
828 node
=> get_standard_option
('pve-node'),
829 vmid
=> get_standard_option
('pve-vmid'),
837 subdir
=> { type
=> 'string' },
840 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
846 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
849 { subdir
=> 'current' },
850 { subdir
=> 'start' },
851 { subdir
=> 'stop' },
852 { subdir
=> 'shutdown' },
853 { subdir
=> 'migrate' },
859 __PACKAGE__-
>register_method({
861 path
=> '{vmid}/status/current',
864 protected
=> 1, # openvz /proc entries are only readable by root
865 description
=> "Get virtual machine status.",
867 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
870 additionalProperties
=> 0,
872 node
=> get_standard_option
('pve-node'),
873 vmid
=> get_standard_option
('pve-vmid'),
876 returns
=> { type
=> 'object' },
881 my $conf = PVE
::LXC
::load_config
($param->{vmid
});
883 my $vmstatus = PVE
::LXC
::vmstatus
($param->{vmid
});
884 my $status = $vmstatus->{$param->{vmid
}};
886 $status->{ha
} = PVE
::HA
::Config
::vm_is_ha_managed
($param->{vmid
}) ?
1 : 0;
891 __PACKAGE__-
>register_method({
893 path
=> '{vmid}/status/start',
897 description
=> "Start the container.",
899 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
902 additionalProperties
=> 0,
904 node
=> get_standard_option
('pve-node'),
905 vmid
=> get_standard_option
('pve-vmid'),
914 my $rpcenv = PVE
::RPCEnvironment
::get
();
916 my $authuser = $rpcenv->get_user();
918 my $node = extract_param
($param, 'node');
920 my $vmid = extract_param
($param, 'vmid');
922 die "CT $vmid already running\n" if PVE
::LXC
::check_running
($vmid);
924 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
929 my $service = "ct:$vmid";
931 my $cmd = ['ha-manager', 'enable', $service];
933 print "Executing HA start for CT $vmid\n";
935 PVE
::Tools
::run_command
($cmd);
940 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
947 syslog
('info', "starting CT $vmid: $upid\n");
949 my $conf = PVE
::LXC
::load_config
($vmid);
950 my $stcfg = cfs_read_file
("storage.cfg");
951 if (my $sid = &$get_container_storage($stcfg, $vmid, $conf)) {
952 PVE
::Storage
::activate_storage
($stcfg, $sid);
955 my $cmd = ['lxc-start', '-n', $vmid];
962 return $rpcenv->fork_worker('vzstart', $vmid, $authuser, $realcmd);
966 __PACKAGE__-
>register_method({
968 path
=> '{vmid}/status/stop',
972 description
=> "Stop the container.",
974 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
977 additionalProperties
=> 0,
979 node
=> get_standard_option
('pve-node'),
980 vmid
=> get_standard_option
('pve-vmid'),
989 my $rpcenv = PVE
::RPCEnvironment
::get
();
991 my $authuser = $rpcenv->get_user();
993 my $node = extract_param
($param, 'node');
995 my $vmid = extract_param
($param, 'vmid');
997 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
999 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
1004 my $service = "ct:$vmid";
1006 my $cmd = ['ha-manager', 'disable', $service];
1008 print "Executing HA stop for CT $vmid\n";
1010 PVE
::Tools
::run_command
($cmd);
1015 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1022 syslog
('info', "stoping CT $vmid: $upid\n");
1024 my $cmd = ['lxc-stop', '-n', $vmid, '--kill'];
1031 return $rpcenv->fork_worker('vzstop', $vmid, $authuser, $realcmd);
1035 __PACKAGE__-
>register_method({
1036 name
=> 'vm_shutdown',
1037 path
=> '{vmid}/status/shutdown',
1041 description
=> "Shutdown the container.",
1043 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1046 additionalProperties
=> 0,
1048 node
=> get_standard_option
('pve-node'),
1049 vmid
=> get_standard_option
('pve-vmid'),
1051 description
=> "Wait maximal timeout seconds.",
1058 description
=> "Make sure the Container stops.",
1071 my $rpcenv = PVE
::RPCEnvironment
::get
();
1073 my $authuser = $rpcenv->get_user();
1075 my $node = extract_param
($param, 'node');
1077 my $vmid = extract_param
($param, 'vmid');
1079 my $timeout = extract_param
($param, 'timeout');
1081 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
1086 syslog
('info', "shutdown CT $vmid: $upid\n");
1088 my $cmd = ['lxc-stop', '-n', $vmid];
1090 $timeout = 60 if !defined($timeout);
1092 push @$cmd, '--timeout', $timeout;
1094 eval { run_command
($cmd, timeout
=> $timeout+5); };
1098 die $err if !$param->{forceStop
};
1100 warn "shutdown failed - forcing stop now\n";
1102 push @$cmd, '--kill';
1108 my $upid = $rpcenv->fork_worker('vzshutdown', $vmid, $authuser, $realcmd);
1113 __PACKAGE__-
>register_method({
1114 name
=> 'vm_suspend',
1115 path
=> '{vmid}/status/suspend',
1119 description
=> "Suspend the container.",
1121 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1124 additionalProperties
=> 0,
1126 node
=> get_standard_option
('pve-node'),
1127 vmid
=> get_standard_option
('pve-vmid'),
1136 my $rpcenv = PVE
::RPCEnvironment
::get
();
1138 my $authuser = $rpcenv->get_user();
1140 my $node = extract_param
($param, 'node');
1142 my $vmid = extract_param
($param, 'vmid');
1144 die "CT $vmid not running\n" if !PVE
::LXC
::check_running
($vmid);
1149 syslog
('info', "suspend CT $vmid: $upid\n");
1151 my $cmd = ['lxc-checkpoint', '-n', $vmid, '-s', '-D', '/var/liv/vz/dump'];
1158 my $upid = $rpcenv->fork_worker('vzsuspend', $vmid, $authuser, $realcmd);
1163 __PACKAGE__-
>register_method({
1164 name
=> 'vm_resume',
1165 path
=> '{vmid}/status/resume',
1169 description
=> "Resume the container.",
1171 check
=> ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1174 additionalProperties
=> 0,
1176 node
=> get_standard_option
('pve-node'),
1177 vmid
=> get_standard_option
('pve-vmid'),
1186 my $rpcenv = PVE
::RPCEnvironment
::get
();
1188 my $authuser = $rpcenv->get_user();
1190 my $node = extract_param
($param, 'node');
1192 my $vmid = extract_param
($param, 'vmid');
1194 die "CT $vmid already running\n" if PVE
::LXC
::check_running
($vmid);
1199 syslog
('info', "resume CT $vmid: $upid\n");
1201 my $cmd = ['lxc-checkpoint', '-n', $vmid, '-r', '--foreground',
1202 '-D', '/var/liv/vz/dump'];
1209 my $upid = $rpcenv->fork_worker('vzresume', $vmid, $authuser, $realcmd);
1214 __PACKAGE__-
>register_method({
1215 name
=> 'migrate_vm',
1216 path
=> '{vmid}/migrate',
1220 description
=> "Migrate the container to another node. Creates a new migration task.",
1222 check
=> ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
1225 additionalProperties
=> 0,
1227 node
=> get_standard_option
('pve-node'),
1228 vmid
=> get_standard_option
('pve-vmid'),
1229 target
=> get_standard_option
('pve-node', { description
=> "Target node." }),
1232 description
=> "Use online/live migration.",
1239 description
=> "the task ID.",
1244 my $rpcenv = PVE
::RPCEnvironment
::get
();
1246 my $authuser = $rpcenv->get_user();
1248 my $target = extract_param
($param, 'target');
1250 my $localnode = PVE
::INotify
::nodename
();
1251 raise_param_exc
({ target
=> "target is local node."}) if $target eq $localnode;
1253 PVE
::Cluster
::check_cfs_quorum
();
1255 PVE
::Cluster
::check_node_exists
($target);
1257 my $targetip = PVE
::Cluster
::remote_node_ip
($target);
1259 my $vmid = extract_param
($param, 'vmid');
1262 PVE
::LXC
::load_config
($vmid);
1264 # try to detect errors early
1265 if (PVE
::LXC
::check_running
($vmid)) {
1266 die "cant migrate running container without --online\n"
1267 if !$param->{online
};
1270 if (PVE
::HA
::Config
::vm_is_ha_managed
($vmid) && $rpcenv->{type
} ne 'ha') {
1275 my $service = "ct:$vmid";
1277 my $cmd = ['ha-manager', 'migrate', $service, $target];
1279 print "Executing HA migrate for CT $vmid to node $target\n";
1281 PVE
::Tools
::run_command
($cmd);
1286 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
1293 # fixme: implement lxc container migration
1294 die "lxc container migration not implemented\n";
1299 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd);
1303 __PACKAGE__-
>register_method({
1305 path
=> '{vmid}/snapshot',
1309 description
=> "Snapshot a container.",
1311 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1314 additionalProperties
=> 0,
1316 node
=> get_standard_option
('pve-node'),
1317 vmid
=> get_standard_option
('pve-vmid'),
1318 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1322 description
=> "Save the vmstate",
1327 description
=> "A textual description or comment.",
1333 description
=> "the task ID.",
1338 my $rpcenv = PVE
::RPCEnvironment
::get
();
1340 my $authuser = $rpcenv->get_user();
1342 my $node = extract_param
($param, 'node');
1344 my $vmid = extract_param
($param, 'vmid');
1346 my $snapname = extract_param
($param, 'snapname');
1348 die "unable to use snapshot name 'current' (reserved name)\n"
1349 if $snapname eq 'current';
1352 PVE
::Cluster
::log_msg
('info', $authuser, "snapshot container $vmid: $snapname");
1353 PVE
::LXC
::snapshot_create
($vmid, $snapname, $param->{description
});
1356 return $rpcenv->fork_worker('pctsnapshot', $vmid, $authuser, $realcmd);
1359 __PACKAGE__-
>register_method({
1360 name
=> 'delsnapshot',
1361 path
=> '{vmid}/snapshot/{snapname}',
1365 description
=> "Delete a LXC snapshot.",
1367 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1370 additionalProperties
=> 0,
1372 node
=> get_standard_option
('pve-node'),
1373 vmid
=> get_standard_option
('pve-vmid'),
1374 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1378 description
=> "For removal from config file, even if removing disk snapshots fails.",
1384 description
=> "the task ID.",
1389 my $rpcenv = PVE
::RPCEnvironment
::get
();
1391 my $authuser = $rpcenv->get_user();
1393 my $node = extract_param
($param, 'node');
1395 my $vmid = extract_param
($param, 'vmid');
1397 my $snapname = extract_param
($param, 'snapname');
1400 PVE
::Cluster
::log_msg
('info', $authuser, "delete snapshot VM $vmid: $snapname");
1401 PVE
::LXC
::snapshot_delete
($vmid, $snapname, $param->{force
});
1404 return $rpcenv->fork_worker('lxcdelsnapshot', $vmid, $authuser, $realcmd);
1407 __PACKAGE__-
>register_method({
1409 path
=> '{vmid}/snapshot/{snapname}/rollback',
1413 description
=> "Rollback LXC state to specified snapshot.",
1415 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1418 additionalProperties
=> 0,
1420 node
=> get_standard_option
('pve-node'),
1421 vmid
=> get_standard_option
('pve-vmid'),
1422 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1427 description
=> "the task ID.",
1432 my $rpcenv = PVE
::RPCEnvironment
::get
();
1434 my $authuser = $rpcenv->get_user();
1436 my $node = extract_param
($param, 'node');
1438 my $vmid = extract_param
($param, 'vmid');
1440 my $snapname = extract_param
($param, 'snapname');
1443 PVE
::Cluster
::log_msg
('info', $authuser, "rollback snapshot LXC $vmid: $snapname");
1444 PVE
::LXC
::snapshot_rollback
($vmid, $snapname);
1447 return $rpcenv->fork_worker('lxcrollback', $vmid, $authuser, $realcmd);
1450 __PACKAGE__-
>register_method({
1451 name
=> 'snapshot_list',
1452 path
=> '{vmid}/snapshot',
1454 description
=> "List all snapshots.",
1456 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1459 protected
=> 1, # lxc pid files are only readable by root
1461 additionalProperties
=> 0,
1463 vmid
=> get_standard_option
('pve-vmid'),
1464 node
=> get_standard_option
('pve-node'),
1473 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
1478 my $vmid = $param->{vmid
};
1480 my $conf = PVE
::LXC
::load_config
($vmid);
1481 my $snaphash = $conf->{snapshots
} || {};
1485 foreach my $name (keys %$snaphash) {
1486 my $d = $snaphash->{$name};
1489 snaptime
=> $d->{'pve.snaptime'} || 0,
1490 description
=> $d->{'pve.snapcomment'} || '',
1492 $item->{parent
} = $d->{'pve.parent'} if $d->{'pve.parent'};
1493 $item->{snapstate
} = $d->{'pve.snapstate'} if $d->{'pve.snapstate'};
1497 my $running = PVE
::LXC
::check_running
($vmid) ?
1 : 0;
1498 my $current = { name
=> 'current', digest
=> $conf->{digest
}, running
=> $running };
1499 $current->{parent
} = $conf->{'pve.parent'} if $conf->{'pve.parent'};
1501 push @$res, $current;
1506 __PACKAGE__-
>register_method({
1507 name
=> 'snapshot_cmd_idx',
1508 path
=> '{vmid}/snapshot/{snapname}',
1515 additionalProperties
=> 0,
1517 vmid
=> get_standard_option
('pve-vmid'),
1518 node
=> get_standard_option
('pve-node'),
1519 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1528 links
=> [ { rel
=> 'child', href
=> "{cmd}" } ],
1535 push @$res, { cmd
=> 'rollback' };
1536 push @$res, { cmd
=> 'config' };
1541 __PACKAGE__-
>register_method({
1542 name
=> 'update_snapshot_config',
1543 path
=> '{vmid}/snapshot/{snapname}/config',
1547 description
=> "Update snapshot metadata.",
1549 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1552 additionalProperties
=> 0,
1554 node
=> get_standard_option
('pve-node'),
1555 vmid
=> get_standard_option
('pve-vmid'),
1556 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1560 description
=> "A textual description or comment.",
1564 returns
=> { type
=> 'null' },
1568 my $rpcenv = PVE
::RPCEnvironment
::get
();
1570 my $authuser = $rpcenv->get_user();
1572 my $vmid = extract_param
($param, 'vmid');
1574 my $snapname = extract_param
($param, 'snapname');
1576 return undef if !defined($param->{description
});
1578 my $updatefn = sub {
1580 my $conf = PVE
::LXC
::load_config
($vmid);
1581 PVE
::LXC
::check_lock
($conf);
1583 my $snap = $conf->{snapshots
}->{$snapname};
1585 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1587 $snap->{'pve.snapcomment'} = $param->{description
} if defined($param->{description
});
1589 PVE
::LXC
::write_config
($vmid, $conf, 1);
1592 PVE
::LXC
::lock_container
($vmid, 10, $updatefn);
1597 __PACKAGE__-
>register_method({
1598 name
=> 'get_snapshot_config',
1599 path
=> '{vmid}/snapshot/{snapname}/config',
1602 description
=> "Get snapshot configuration",
1604 check
=> ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
1607 additionalProperties
=> 0,
1609 node
=> get_standard_option
('pve-node'),
1610 vmid
=> get_standard_option
('pve-vmid'),
1611 snapname
=> get_standard_option
('pve-lxc-snapshot-name'),
1614 returns
=> { type
=> "object" },
1618 my $rpcenv = PVE
::RPCEnvironment
::get
();
1620 my $authuser = $rpcenv->get_user();
1622 my $vmid = extract_param
($param, 'vmid');
1624 my $snapname = extract_param
($param, 'snapname');
1626 my $lxc_conf = PVE
::LXC
::load_config
($vmid);
1628 my $snap = $lxc_conf->{snapshots
}->{$snapname};
1630 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1632 my $conf = PVE
::LXC
::lxc_conf_to_pve
($param->{vmid
}, $snap);
1637 __PACKAGE__-
>register_method({
1638 name
=> 'vm_feature',
1639 path
=> '{vmid}/feature',
1643 description
=> "Check if feature for virtual machine is available.",
1645 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1648 additionalProperties
=> 0,
1650 node
=> get_standard_option
('pve-node'),
1651 vmid
=> get_standard_option
('pve-vmid'),
1653 description
=> "Feature to check.",
1655 enum
=> [ 'snapshot' ],
1657 snapname
=> get_standard_option
('pve-lxc-snapshot-name', {
1665 hasFeature
=> { type
=> 'boolean' },
1668 #items => { type => 'string' },
1675 my $node = extract_param
($param, 'node');
1677 my $vmid = extract_param
($param, 'vmid');
1679 my $snapname = extract_param
($param, 'snapname');
1681 my $feature = extract_param
($param, 'feature');
1683 my $conf = PVE
::LXC
::load_config
($vmid);
1686 my $snap = $conf->{snapshots
}->{$snapname};
1687 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1690 my $storecfg = PVE
::Storage
::config
();
1691 #Maybe include later
1692 #my $nodelist = PVE::LXC::shared_nodes($conf, $storecfg);
1693 my $hasFeature = PVE
::LXC
::has_feature
($feature, $conf, $storecfg, $snapname);
1696 hasFeature
=> $hasFeature,
1697 #nodes => [ keys %$nodelist ],