]> git.proxmox.com Git - pve-container.git/blob - src/PVE/CLI/pct.pm
projects / pve-container.git / blob
? search:


3ade2bac46aa7571625b2a52ebcaadd2eb4cd330
[pve-container.git] / src / PVE / CLI / pct.pm
1 package PVE::CLI::pct;
2
3 use strict;
4 use warnings;
5
6 use Fcntl;
7 use File::Copy 'copy';
8 use POSIX;
9
10 use PVE::CLIHandler;
11 use PVE::Cluster;
12 use PVE::CpuSet;
13 use PVE::Exception qw(raise_param_exc);
14 use PVE::GuestHelpers;
15 use PVE::INotify;
16 use PVE::JSONSchema qw(get_standard_option);
17 use PVE::LXC::CGroup;
18 use PVE::RPCEnvironment;
19 use PVE::SafeSyslog;
20 use PVE::Tools qw(extract_param);
21
22 use PVE::API2::LXC::Config;
23 use PVE::API2::LXC::Snapshot;
24 use PVE::API2::LXC::Status;
25 use PVE::API2::LXC;
26
27 use base qw(PVE::CLIHandler);
28
29 my $nodename = PVE::INotify::nodename();
30
31 my $upid_exit = sub {
32 my $upid = shift;
33 my $status = PVE::Tools::upid_read_status($upid);
34 exit(PVE::Tools::upid_status_is_error($status) ? -1 : 0);
35 };
36
37 sub setup_environment {
38 PVE::RPCEnvironment->setup_default_cli_env();
39 }
40
41 __PACKAGE__->register_method ({
42 name => 'status',
43 path => 'status',
44 method => 'GET',
45 description => "Show CT status.",
46 parameters => {
47 additionalProperties => 0,
48 properties => {
49 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
50 verbose => {
51 description => "Verbose output format",
52 type => 'boolean',
53 optional => 1,
54 }
55 },
56 },
57 returns => { type => 'null'},
58 code => sub {
59 my ($param) = @_;
60
61 # test if CT exists
62 my $conf = PVE::LXC::Config->load_config ($param->{vmid});
63
64 my $vmstatus = PVE::LXC::vmstatus($param->{vmid});
65 my $stat = $vmstatus->{$param->{vmid}};
66 if ($param->{verbose}) {
67 foreach my $k (sort (keys %$stat)) {
68 my $v = $stat->{$k};
69 next if !defined($v);
70 print "$k: $v\n";
71 }
72 } else {
73 my $status = $stat->{status} || 'unknown';
74 print "status: $status\n";
75 }
76
77 return undef;
78 }});
79
80 sub param_mapping {
81 my ($name) = @_;
82
83 my $mapping = {
84 'create_vm' => [
85 PVE::CLIHandler::get_standard_mapping('pve-password'),
86 'ssh-public-keys',
87 ],
88 };
89
90 return $mapping->{$name};
91 }
92
93 __PACKAGE__->register_method ({
94 name => 'unlock',
95 path => 'unlock',
96 method => 'PUT',
97 description => "Unlock the VM.",
98 parameters => {
99 additionalProperties => 0,
100 properties => {
101 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
102 },
103 },
104 returns => { type => 'null'},
105 code => sub {
106 my ($param) = @_;
107
108 my $vmid = $param->{vmid};
109
110 PVE::LXC::Config->remove_lock($vmid);
111
112 return undef;
113 }});
114
115 __PACKAGE__->register_method ({
116 name => 'console',
117 path => 'console',
118 method => 'GET',
119 description => "Launch a console for the specified container.",
120 parameters => {
121 additionalProperties => 0,
122 properties => {
123 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }),
124 escape => {
125 description => "Escape sequence prefix. For example to use <Ctrl+b q> as the escape sequence pass '^b'.",
126 default => '^a',
127 type => 'string',
128 pattern => '\^?[a-z]',
129 optional => 1,
130 },
131 },
132 },
133 returns => { type => 'null' },
134
135 code => sub {
136 my ($param) = @_;
137
138 # test if container exists on this node
139 my $conf = PVE::LXC::Config->load_config($param->{vmid});
140
141 my $cmd = PVE::LXC::get_console_command($param->{vmid}, $conf, $param->{escape});
142 exec(@$cmd);
143 }});
144
145 __PACKAGE__->register_method ({
146 name => 'enter',
147 path => 'enter',
148 method => 'GET',
149 description => "Launch a shell for the specified container.",
150 parameters => {
151 additionalProperties => 0,
152 properties => {
153 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }),
154 },
155 },
156 returns => { type => 'null' },
157
158 code => sub {
159 my ($param) = @_;
160
161 my $vmid = $param->{vmid};
162
163 PVE::LXC::Config->load_config($vmid); # test if container exists on this node
164 die "container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid);
165
166 exec('lxc-attach', '-n', $vmid);
167 }});
168
169 __PACKAGE__->register_method ({
170 name => 'exec',
171 path => 'exec',
172 method => 'GET',
173 description => "Launch a command inside the specified container.",
174 parameters => {
175 additionalProperties => 0,
176 properties => {
177 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }),
178 'extra-args' => get_standard_option('extra-args'),
179 },
180 },
181 returns => { type => 'null' },
182 code => sub {
183 my ($param) = @_;
184
185 my $vmid = $param->{vmid};
186 PVE::LXC::Config->load_config($vmid); # test if container exists on this node
187 die "container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid);
188
189 die "missing command" if !@{$param->{'extra-args'}};
190
191 exec('lxc-attach', '-n', $vmid, '--', @{$param->{'extra-args'}});
192 }});
193
194 __PACKAGE__->register_method ({
195 name => 'fsck',
196 path => 'fsck',
197 method => 'PUT',
198 description => "Run a filesystem check (fsck) on a container volume.",
199 parameters => {
200 additionalProperties => 0,
201 properties => {
202 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
203 force => {
204 optional => 1,
205 type => 'boolean',
206 description => "Force checking, even if the filesystem seems clean",
207 default => 0,
208 },
209 device => {
210 optional => 1,
211 type => 'string',
212 description => "A volume on which to run the filesystem check",
213 enum => [PVE::LXC::Config->valid_volume_keys()],
214 },
215 },
216 },
217 returns => { type => 'null' },
218 code => sub {
219 my ($param) = @_;
220
221 my $vmid = $param->{'vmid'};
222 my $device = defined($param->{'device'}) ? $param->{'device'} : 'rootfs';
223
224 my $command = ['fsck', '-a', '-l'];
225 push(@$command, '-f') if $param->{force};
226
227 # critical path: all of this will be done while the container is locked
228 my $do_fsck = sub {
229
230 my $conf = PVE::LXC::Config->load_config($vmid);
231 my $storage_cfg = PVE::Storage::config();
232
233 defined($conf->{$device}) || die "cannot run command on non-existing mount point $device\n";
234
235 my $mount_point = PVE::LXC::Config->parse_volume($device, $conf->{$device});
236
237 die "cannot run fsck when container is running\n"
238 if PVE::LXC::check_running($vmid);
239
240 my $volid = $mount_point->{volume};
241
242 my $path;
243 my $storage_id = PVE::Storage::parse_volume_id($volid, 1);
244
245 if ($storage_id) {
246 my (undef, undef, undef, undef, undef, undef, $format) =
247 PVE::Storage::parse_volname($storage_cfg, $volid);
248
249 die "unable to run fsck for '$volid' (format == $format)\n"
250 if $format ne 'raw';
251
252 $path = PVE::Storage::map_volume($storage_cfg, $volid);
253
254 } else {
255 if (($volid =~ m|^/.+|) && (-b $volid)) {
256 # pass block devices directly
257 $path = $volid;
258 } else {
259 die "path '$volid' does not point to a block device\n";
260 }
261 }
262
263 push(@$command, $path);
264 PVE::Tools::run_command($command);
265
266 PVE::Storage::unmap_volume($storage_cfg, $volid) if $storage_id;
267 };
268
269 PVE::LXC::Config->lock_config($vmid, $do_fsck);
270 return undef;
271 }});
272
273 __PACKAGE__->register_method({
274 name => 'mount',
275 path => 'mount',
276 method => 'POST',
277 description => "Mount the container's filesystem on the host. " .
278 "This will hold a lock on the container and is meant for emergency maintenance only " .
279 "as it will prevent further operations on the container other than start and stop.",
280 parameters => {
281 additionalProperties => 0,
282 properties => {
283 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
284 },
285 },
286 returns => { type => 'null' },
287 code => sub {
288 my ($param) = @_;
289
290 my $rpcenv = PVE::RPCEnvironment::get();
291
292 my $vmid = extract_param($param, 'vmid');
293 my $storecfg = PVE::Storage::config();
294 PVE::LXC::Config->lock_config($vmid, sub {
295 my $conf = PVE::LXC::Config->set_lock($vmid, 'mounted');
296 PVE::LXC::mount_all($vmid, $storecfg, $conf);
297 });
298
299 print "mounted CT $vmid in '/var/lib/lxc/$vmid/rootfs'\n";
300 return undef;
301 }});
302
303 __PACKAGE__->register_method({
304 name => 'unmount',
305 path => 'unmount',
306 method => 'POST',
307 description => "Unmount the container's filesystem.",
308 parameters => {
309 additionalProperties => 0,
310 properties => {
311 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
312 },
313 },
314 returns => { type => 'null' },
315 code => sub {
316 my ($param) = @_;
317
318 my $rpcenv = PVE::RPCEnvironment::get();
319
320 my $vmid = extract_param($param, 'vmid');
321 my $storecfg = PVE::Storage::config();
322 PVE::LXC::Config->lock_config($vmid, sub {
323 my $conf = PVE::LXC::Config->load_config($vmid);
324 PVE::LXC::umount_all($vmid, $storecfg, $conf, 0);
325 PVE::LXC::Config->remove_lock($vmid, 'mounted');
326 });
327 return undef;
328 }});
329
330 __PACKAGE__->register_method({
331 name => 'df',
332 path => 'df',
333 method => 'GET',
334 description => "Get the container's current disk usage.",
335 parameters => {
336 additionalProperties => 0,
337 properties => {
338 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
339 },
340 },
341 returns => { type => 'null' },
342 code => sub {
343 my ($param) = @_;
344
345 my $rpcenv = PVE::RPCEnvironment::get();
346
347 # JSONSchema's format_size is exact, this uses floating point numbers
348 my $format = sub {
349 my ($size) = @_;
350 return $size if $size < 1024.;
351 $size /= 1024.;
352 return sprintf('%.1fK', ${size}) if $size < 1024.;
353 $size /= 1024.;
354 return sprintf('%.1fM', ${size}) if $size < 1024.;
355 $size /= 1024.;
356 return sprintf('%.1fG', ${size}) if $size < 1024.;
357 $size /= 1024.;
358 return sprintf('%.1fT', ${size}) if $size < 1024.;
359 };
360
361 my $vmid = extract_param($param, 'vmid');
362 PVE::LXC::Config->lock_config($vmid, sub {
363 my $pid = eval { PVE::LXC::find_lxc_pid($vmid) };
364 my ($conf, $rootdir, $storecfg, $mounted);
365 if ($@ || !$pid) {
366 $conf = PVE::LXC::Config->set_lock($vmid, 'mounted');
367 $rootdir = "/var/lib/lxc/$vmid/rootfs";
368 $storecfg = PVE::Storage::config();
369 PVE::LXC::mount_all($vmid, $storecfg, $conf);
370 $mounted = 1;
371 } else {
372 $conf = PVE::LXC::Config->load_config($vmid);
373 $rootdir = "/proc/$pid/root";
374 }
375
376 my @list = [qw(MP Volume Size Used Avail Use% Path)];
377 my @len = map { length($_) } @{$list[0]};
378
379 eval {
380 PVE::LXC::Config->foreach_volume($conf, sub {
381 my ($name, $mp) = @_;
382 my $path = $mp->{mp};
383
384 my $df = PVE::Tools::df("$rootdir/$path", 3);
385 my $total = $format->($df->{total});
386 my $used = $format->($df->{used});
387 my $avail = $format->($df->{avail});
388
389 my $pc = sprintf('%.1f', $df->{used}/$df->{total});
390
391 my $entry = [ $name, $mp->{volume}, $total, $used, $avail, $pc, $path ];
392 push @list, $entry;
393
394 foreach my $i (0..5) {
395 $len[$i] = length($entry->[$i])
396 if $len[$i] < length($entry->[$i]);
397 }
398 });
399
400 my $format = "%-$len[0]s %-$len[1]s %$len[2]s %$len[3]s %$len[4]s %$len[5]s %s\n";
401 printf($format, @$_) foreach @list;
402 };
403 warn $@ if $@;
404
405 if ($mounted) {
406 PVE::LXC::umount_all($vmid, $storecfg, $conf, 0);
407 PVE::LXC::Config->remove_lock($vmid, 'mounted');
408 }
409 });
410 return undef;
411 }});
412
413 # File creation with specified ownership and permissions.
414 # User and group can be names or decimal numbers.
415 # Permissions are explicit (not affected by umask) and can be numeric with the
416 # usual 0/0x prefixes for octal/hex.
417 sub create_file {
418 my ($path, $perms, $user, $group) = @_;
419 my ($uid, $gid);
420 if (defined($user)) {
421 if ($user =~ /^\d+$/) {
422 $uid = int($user);
423 } else {
424 $uid = getpwnam($user);
425 die "failed to get uid for: $user\n" if !defined($uid);
426 }
427 }
428 if (defined($group)) {
429 if ($group =~ /^\d+$/) {
430 $gid = int($group);
431 } else {
432 $gid = getgrnam($group);
433 die "failed to get gid for: $group\n" if !defined($gid);
434 }
435 }
436
437 if (defined($perms)) {
438 $! = 0;
439 my ($mode, $unparsed) = POSIX::strtoul($perms, 0);
440 die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!;
441 $perms = $mode;
442 }
443
444 my $fd;
445 if (sysopen($fd, $path, O_WRONLY | O_CREAT | O_EXCL, 0)) {
446 $perms = 0666 & ~umask if !defined($perms);
447 } else {
448 # If the path previously existed then we do not care about left-over
449 # file descriptors even if the permissions/ownership is changed.
450 sysopen($fd, $path, O_WRONLY | O_CREAT | O_TRUNC)
451 or die "failed to create file: $path: $!\n";
452 }
453
454 my $trunc = 0;
455
456 if (defined($perms)) {
457 $trunc = 1;
458 chmod($perms, $fd);
459 }
460
461 if (defined($uid) || defined($gid)) {
462 $trunc = 1;
463 my ($fuid, $fgid) = (stat($fd))[4,5] if !defined($uid) || !defined($gid);
464 $uid = $fuid if !defined($uid);
465 $gid = $fgid if !defined($gid);
466 chown($uid, $gid, $fd)
467 or die "failed to change file owner: $!\n";
468 }
469 return $fd;
470 }
471
472 __PACKAGE__->register_method ({
473 name => 'rescan',
474 path => 'rescan',
475 method => 'POST',
476 description => "Rescan all storages and update disk sizes and unused disk images.",
477 parameters => {
478 additionalProperties => 0,
479 properties => {
480 vmid => get_standard_option('pve-vmid', {
481 optional => 1,
482 completion => \&PVE::LXC::complete_ctid,
483 }),
484 dryrun => {
485 type => 'boolean',
486 optional => 1,
487 default => 0,
488 description => 'Do not actually write changes out to conifg.',
489 },
490 },
491 },
492 returns => { type => 'null'},
493 code => sub {
494 my ($param) = @_;
495
496 my $dryrun = $param->{dryrun};
497
498 print "NOTE: running in dry-run mode, won't write changes out!\n" if $dryrun;
499
500 PVE::LXC::rescan($param->{vmid}, 0, $dryrun);
501
502 return undef;
503 }});
504
505 __PACKAGE__->register_method({
506 name => 'pull',
507 path => 'pull',
508 method => 'PUT',
509 description => "Copy a file from the container to the local system.",
510 parameters => {
511 additionalProperties => 0,
512 properties => {
513 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
514 path => {
515 type => 'string',
516 description => "Path to a file inside the container to pull.",
517 },
518 destination => {
519 type => 'string',
520 description => "Destination",
521 },
522 user => {
523 type => 'string',
524 description => 'Owner user name or id.',
525 optional => 1,
526 },
527 group => {
528 type => 'string',
529 description => 'Owner group name or id.',
530 optional => 1,
531 },
532 perms => {
533 type => 'string',
534 description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).",
535 optional => 1,
536 },
537 },
538 },
539 returns => {
540 type => 'string',
541 description => "the task ID.",
542 },
543 code => sub {
544 my ($param) = @_;
545
546 my $rpcenv = PVE::RPCEnvironment::get();
547
548 my $vmid = extract_param($param, 'vmid');
549 my $path = extract_param($param, 'path');
550 my $dest = extract_param($param, 'destination');
551
552 my $perms = extract_param($param, 'perms');
553 # assume octal as default
554 $perms = "0$perms" if defined($perms) && $perms !~m/^0/;
555 my $user = extract_param($param, 'user');
556 my $group = extract_param($param, 'group');
557
558 my $code = sub {
559 my $running = PVE::LXC::check_running($vmid);
560 die "can only pull files from a running VM" if !$running;
561
562 my $realcmd = sub {
563 my $pid = PVE::LXC::find_lxc_pid($vmid);
564 # Avoid symlink issues by opening the files from inside the
565 # corresponding namespaces.
566 my $destfd = create_file($dest, $perms, $user, $group);
567
568 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
569 or die "failed to open the container's mount namespace\n";
570 PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS)
571 or die "failed to enter the container's mount namespace\n";
572 close($mntnsfd);
573 chdir('/') or die "failed to change to container root directory\n";
574
575 open my $srcfd, '<', $path
576 or die "failed to open $path: $!\n";
577
578 copy($srcfd, $destfd);
579 };
580
581 # This avoids having to setns() back to our namespace.
582 return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd);
583 };
584
585 return PVE::LXC::Config->lock_config($vmid, $code);
586 }});
587
588 __PACKAGE__->register_method({
589 name => 'push',
590 path => 'push',
591 method => 'PUT',
592 description => "Copy a local file to the container.",
593 parameters => {
594 additionalProperties => 0,
595 properties => {
596 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
597 file => {
598 type => 'string',
599 description => "Path to a local file.",
600 },
601 destination => {
602 type => 'string',
603 description => "Destination inside the container to write to.",
604 },
605 user => {
606 type => 'string',
607 description => 'Owner user name or id. When using a name it must exist inside the container.',
608 optional => 1,
609 },
610 group => {
611 type => 'string',
612 description => 'Owner group name or id. When using a name it must exist inside the container.',
613 optional => 1,
614 },
615 perms => {
616 type => 'string',
617 description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).",
618 optional => 1,
619 },
620 },
621 },
622 returns => {
623 type => 'string',
624 description => "the task ID.",
625 },
626 code => sub {
627 my ($param) = @_;
628
629 my $rpcenv = PVE::RPCEnvironment::get();
630
631 my $vmid = extract_param($param, 'vmid');
632 my $file = extract_param($param, 'file');
633 my $dest = extract_param($param, 'destination');
634
635 my $perms = extract_param($param, 'perms');
636 # assume octal as default
637 $perms = "0$perms" if defined($perms) && $perms !~m/^0/;
638 my $user = extract_param($param, 'user');
639 my $group = extract_param($param, 'group');
640
641 my $code = sub {
642 my $running = PVE::LXC::check_running($vmid);
643 die "can only push files to a running CT\n" if !$running;
644
645 my $conf = PVE::LXC::Config->load_config($vmid);
646 my $unprivileged = $conf->{unprivileged};
647
648 my $realcmd = sub {
649 my $pid = PVE::LXC::find_lxc_pid($vmid);
650 # We open the file then enter the container's mount - and for
651 # unprivileged containers - user namespace and then create the
652 # file. This avoids symlink attacks as a symlink cannot point
653 # outside the namespace and our own access is equivalent to the
654 # container-local's root user. Also the user-passed -user and
655 # -group parameters will use the container-local's user and
656 # group names.
657 sysopen my $srcfd, $file, O_RDONLY
658 or die "failed to open $file for reading\n";
659
660 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
661 or die "failed to open the container's mount namespace\n";
662 my $usernsfd;
663 if ($unprivileged) {
664 sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY
665 or die "failed to open the container's user namespace\n";
666 }
667
668 PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS)
669 or die "failed to enter the container's mount namespace\n";
670 close($mntnsfd);
671 chdir('/') or die "failed to change to container root directory\n";
672
673 if ($unprivileged) {
674 PVE::Tools::setns(fileno($usernsfd), PVE::Tools::CLONE_NEWUSER)
675 or die "failed to enter the container's user namespace\n";
676 close($usernsfd);
677 POSIX::setgid(0) or die "setgid failed: $!\n";
678 POSIX::setuid(0) or die "setuid failed: $!\n";
679 }
680
681 my $destfd = create_file($dest, $perms, $user, $group);
682 copy($srcfd, $destfd);
683 };
684
685 # This avoids having to setns() back to our namespace.
686 return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd);
687 };
688
689 return PVE::LXC::Config->lock_config($vmid, $code);
690 }});
691
692 __PACKAGE__->register_method ({
693 name => 'cpusets',
694 path => 'cpusets',
695 method => 'GET',
696 description => "Print the list of assigned CPU sets.",
697 parameters => {
698 additionalProperties => 0,
699 properties => {},
700 },
701 returns => { type => 'null'},
702 code => sub {
703 my ($param) = @_;
704
705 my $ctlist = PVE::LXC::config_list();
706
707 my $len = 0;
708 my $id_len = 0;
709 my $res = {};
710
711 foreach my $vmid (sort keys %$ctlist) {
712 my $cgroup = PVE::LXC::CGroup->new($vmid);
713
714 my ($cpuset, $path);
715 if (defined($path = $cgroup->get_path('cpuset', 1))) {
716 $cpuset = eval { PVE::CpuSet->new_from_path($path, 1); };
717 } elsif (defined($path = $cgroup->get_path(undef, 1))) {
718 $cpuset = eval { PVE::CpuSet->new_from_path($path, 1); };
719 } else {
720 # Container not running.
721 next;
722 }
723 if (my $err = $@) {
724 warn $err;
725 next;
726 }
727
728 my @cpuset_members = $cpuset->members();
729
730 my $line = ': ';
731
732 my $last = $cpuset_members[-1];
733
734 for (my $id = 0; $id <= $last; $id++) {
735 my $empty = ' ' x length("$id");
736 $line .= ' ' . ($cpuset->has($id) ? $id : $empty);
737 }
738 $len = length($line) if length($line) > $len;
739 $id_len = length($vmid) if length($vmid) > $id_len;
740
741 $res->{$vmid} = $line;
742 }
743
744 my @vmlist = sort keys %$res;
745
746 if (scalar(@vmlist)) {
747 my $header = '-' x ($len + $id_len) . "\n";
748
749 print $header;
750 foreach my $vmid (@vmlist) {
751 print sprintf("%${id_len}i%s\n", $vmid, $res->{$vmid});
752 }
753 print $header;
754
755 } else {
756 print "no running containers\n";
757 }
758
759 return undef;
760 }});
761
762 __PACKAGE__->register_method ({
763 name => 'fstrim',
764 path => 'fstrim',
765 method => 'POST',
766 description => "Run fstrim on a chosen CT and its mountpoints.",
767 parameters => {
768 additionalProperties => 0,
769 properties => {
770 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
771 'ignore-mountpoints' => {
772 description => 'Skip all mountpoints, only do fstrim on the container root.',
773 optional => 1,
774 type => 'boolean',
775 },
776 },
777 },
778 returns => { type => 'null' },
779 code => sub {
780
781 my ($param) = @_;
782 my $vmid = $param->{'vmid'};
783
784 my $rootdir = "/var/lib/lxc/$vmid/rootfs";
785
786 my $storecfg = PVE::Storage::config();
787 my $conf = PVE::LXC::Config->set_lock($vmid, 'fstrim');
788 eval {
789 my $path = "";
790 PVE::LXC::mount_all($vmid, $storecfg, $conf);
791 PVE::LXC::Config->foreach_volume($conf, sub {
792 my ($name, $mp) = @_;
793 $path = $mp->{mp};
794 return if $param->{'ignore-mountpoints'} && $name =~ /^mp\d+/;
795 my $cmd = ["fstrim", "-v", "$rootdir$path"];
796 PVE::Tools::run_command($cmd, noerr => 1);
797 });
798 };
799 warn $@ if $@;
800
801 PVE::LXC::umount_all($vmid, $storecfg, $conf, 0);
802 PVE::LXC::Config->remove_lock($vmid, 'fstrim');
803
804 return undef;
805 }});
806
807
808 __PACKAGE__->register_method({
809 name => 'remote_migrate_vm',
810 path => 'remote_migrate_vm',
811 method => 'POST',
812 description => "Migrate container to a remote cluster. Creates a new migration task. EXPERIMENTAL feature!",
813 permissions => {
814 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
815 },
816 parameters => {
817 additionalProperties => 0,
818 properties => {
819 node => get_standard_option('pve-node'),
820 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
821 'target-vmid' => get_standard_option('pve-vmid', { optional => 1 }),
822 'target-endpoint' => get_standard_option('proxmox-remote', {
823 description => "Remote target endpoint",
824 }),
825 online => {
826 type => 'boolean',
827 description => "Use online/live migration.",
828 optional => 1,
829 },
830 restart => {
831 type => 'boolean',
832 description => "Use restart migration",
833 optional => 1,
834 },
835 timeout => {
836 type => 'integer',
837 description => "Timeout in seconds for shutdown for restart migration",
838 optional => 1,
839 default => 180,
840 },
841 delete => {
842 type => 'boolean',
843 description => "Delete the original CT and related data after successful migration. By default the original CT is kept on the source cluster in a stopped state.",
844 optional => 1,
845 default => 0,
846 },
847 'target-storage' => get_standard_option('pve-targetstorage', {
848 completion => \&PVE::QemuServer::complete_migration_storage,
849 optional => 0,
850 }),
851 'target-bridge' => {
852 type => 'string',
853 description => "Mapping from source to target bridges. Providing only a single bridge ID maps all source bridges to that bridge. Providing the special value '1' will map each source bridge to itself.",
854 format => 'bridge-pair-list',
855 },
856 bwlimit => {
857 description => "Override I/O bandwidth limit (in KiB/s).",
858 optional => 1,
859 type => 'integer',
860 minimum => '0',
861 default => 'migrate limit from datacenter or storage config',
862 },
863 },
864 },
865 returns => {
866 type => 'string',
867 description => "the task ID.",
868 },
869 code => sub {
870 my ($param) = @_;
871
872 my $rpcenv = PVE::RPCEnvironment::get();
873 my $authuser = $rpcenv->get_user();
874
875 my $source_vmid = $param->{vmid};
876 my $target_endpoint = $param->{'target-endpoint'};
877 my $target_vmid = $param->{'target-vmid'} // $source_vmid;
878
879 my $remote = PVE::JSONSchema::parse_property_string('proxmox-remote', $target_endpoint);
880
881 # TODO: move this as helper somewhere appropriate?
882 my $conn_args = {
883 protocol => 'https',
884 host => $remote->{host},
885 port => $remote->{port} // 8006,
886 apitoken => $remote->{apitoken},
887 };
888
889 $conn_args->{cached_fingerprints} = { uc($remote->{fingerprint}) => 1 }
890 if defined($remote->{fingerprint});
891
892 my $api_client = PVE::APIClient::LWP->new(%$conn_args);
893 my $resources = $api_client->get("/cluster/resources", { type => 'vm' });
894 if (grep { defined($_->{vmid}) && $_->{vmid} eq $target_vmid } @$resources) {
895 raise_param_exc({ target_vmid => "Guest with ID '$target_vmid' already exists on remote cluster" });
896 }
897
898 my $storages = $api_client->get("/nodes/localhost/storage", { enabled => 1 });
899
900 my $storecfg = PVE::Storage::config();
901 my $target_storage = $param->{'target-storage'};
902 my $storagemap = eval { PVE::JSONSchema::parse_idmap($target_storage, 'pve-storage-id') };
903 raise_param_exc({ 'target-storage' => "failed to parse storage map: $@" })
904 if $@;
905
906 my $check_remote_storage = sub {
907 my ($storage) = @_;
908 my $found = [ grep { $_->{storage} eq $storage } @$storages ];
909 die "remote: storage '$storage' does not exist!\n"
910 if !@$found;
911
912 $found = @$found[0];
913
914 my $content_types = [ PVE::Tools::split_list($found->{content}) ];
915 die "remote: storage '$storage' cannot store CT rootdir\n"
916 if !grep { $_ eq 'rootdir' } @$content_types;
917 };
918
919 foreach my $target_sid (values %{$storagemap->{entries}}) {
920 $check_remote_storage->($target_sid);
921 }
922
923 $check_remote_storage->($storagemap->{default})
924 if $storagemap->{default};
925
926 return PVE::API2::LXC->remote_migrate_vm($param);
927 }});
928
929 our $cmddef = {
930 list=> [ 'PVE::API2::LXC', 'vmlist', [], { node => $nodename }, sub {
931 my $res = shift;
932 return if !scalar(@$res);
933 my $format = "%-10s %-10s %-12s %-20s\n";
934 printf($format, 'VMID', 'Status', 'Lock', 'Name');
935 foreach my $d (sort {$a->{vmid} <=> $b->{vmid} } @$res) {
936 my $lock = $d->{lock} || '';
937 printf($format, $d->{vmid}, $d->{status}, $lock, $d->{name});
938 }
939 }],
940 config => [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'], { node => $nodename }, sub {
941 my $config = shift;
942 for my $k (sort (keys %$config)) {
943 next if $k eq 'digest' || $k eq 'lxc';
944 my $v = $config->{$k};
945 if ($k eq 'description') {
946 $v = PVE::Tools::encode_text($v);
947 }
948 print "$k: $v\n";
949 }
950 if (defined(my $lxc_list = $config->{'lxc'})) {
951 for my $lxc_opt (@$lxc_list) {
952 print "$lxc_opt->[0]: $lxc_opt->[1]\n"
953 }
954 }
955 }],
956
957 pending => [ "PVE::API2::LXC", "vm_pending", ['vmid'], { node => $nodename }, \&PVE::GuestHelpers::format_pending ],
958 set => [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node => $nodename }],
959
960 resize => [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node => $nodename } ],
961
962 create => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename }, $upid_exit ],
963 restore => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename, restore => 1 }, $upid_exit ],
964 destroy => [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'], { node => $nodename }, $upid_exit ],
965
966 start => [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node => $nodename }, $upid_exit],
967 suspend => [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node => $nodename }, $upid_exit],
968 resume => [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node => $nodename }, $upid_exit],
969 shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node => $nodename }, $upid_exit],
970 stop => [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node => $nodename }, $upid_exit],
971 reboot => [ 'PVE::API2::LXC::Status', 'vm_reboot', ['vmid'], { node => $nodename }, $upid_exit],
972
973 clone => [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node => $nodename }, $upid_exit ],
974 migrate => [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node => $nodename }, $upid_exit],
975 'move-volume' => [ "PVE::API2::LXC", 'move_volume', ['vmid', 'volume', 'storage', 'target-vmid', 'target-volume'], { node => $nodename }, $upid_exit ],
976 move_volume => { alias => 'move-volume' },
977 'remote-migrate' => [ __PACKAGE__, 'remote_migrate_vm', ['vmid', 'target-vmid', 'target-endpoint'], { node => $nodename }, $upid_exit ],
978
979 snapshot => [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ],
980 delsnapshot => [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ],
981 listsnapshot => [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node => $nodename }, \&PVE::GuestHelpers::print_snapshot_tree ],
982 rollback => [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ],
983 template => [ "PVE::API2::LXC", 'template', ['vmid'], { node => $nodename }],
984
985 status => [ __PACKAGE__, 'status', ['vmid']],
986 console => [ __PACKAGE__, 'console', ['vmid']],
987 enter => [ __PACKAGE__, 'enter', ['vmid']],
988 unlock => [ __PACKAGE__, 'unlock', ['vmid']],
989 exec => [ __PACKAGE__, 'exec', ['vmid', 'extra-args']],
990 fsck => [ __PACKAGE__, 'fsck', ['vmid']],
991
992 mount => [ __PACKAGE__, 'mount', ['vmid']],
993 unmount => [ __PACKAGE__, 'unmount', ['vmid']],
994 push => [ __PACKAGE__, 'push', ['vmid', 'file', 'destination']],
995 pull => [ __PACKAGE__, 'pull', ['vmid', 'path', 'destination']],
996
997 df => [ __PACKAGE__, 'df', ['vmid']],
998 rescan => [ __PACKAGE__, 'rescan', []],
999 cpusets => [ __PACKAGE__, 'cpusets', []],
1000 fstrim => [ __PACKAGE__, 'fstrim', ['vmid']],
1001 };
1002
1003 1;
PVE Container Toolkit