12 use PVE
::Tools
qw(extract_param);
15 use PVE
::RPCEnvironment
;
16 use PVE
::JSONSchema
qw(get_standard_option);
19 use PVE
::API2
::LXC
::Config
;
20 use PVE
::API2
::LXC
::Status
;
21 use PVE
::API2
::LXC
::Snapshot
;
25 use base
qw(PVE::CLIHandler);
27 my $nodename = PVE
::INotify
::nodename
();
31 my $status = PVE
::Tools
::upid_read_status
($upid);
32 exit($status eq 'OK' ?
0 : -1);
35 __PACKAGE__-
>register_method ({
39 description
=> "Show CT status.",
41 additionalProperties
=> 0,
43 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
45 description
=> "Verbose output format",
51 returns
=> { type
=> 'null'},
56 my $conf = PVE
::LXC
::Config-
>load_config ($param->{vmid
});
58 my $vmstatus = PVE
::LXC
::vmstatus
($param->{vmid
});
59 my $stat = $vmstatus->{$param->{vmid
}};
60 if ($param->{verbose
}) {
61 foreach my $k (sort (keys %$stat)) {
67 my $status = $stat->{status
} || 'unknown';
68 print "status: $status\n";
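# Prompt for a password twice and refuse to continue unless both entries
# are identical.
# Direct method call instead of the indirect-object form
# `new Term::ReadLine(...)`, which Perl can mis-parse when a sub named
# `new` is in scope.
my $term = Term::ReadLine->new('pct');
my $attribs = $term->Attribs;
# Replace the redisplay hook with the backend's shadow variant for both prompts.
# NOTE(review): presumably this keeps the typed password off the screen, and
# it relies on the readline backend exposing `shadow_redisplay`. If that key
# is missing, undef is stored here; confirm the input is still not echoed.
$attribs->{redisplay_function} = $attribs->{shadow_redisplay};
my $input = $term->readline('Enter password: ');
# $conf is the confirmation entry here, not a container configuration.
my $conf = $term->readline('Retype password: ');
# NOTE(review): if readline() returns undef for both prompts (e.g. at EOF),
# the two values compare equal; verify the caller rejects an undefined password.
die "Passwords do not match.\n" if ($input ne $conf);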
84 sub string_param_file_mapping
{
88 'create_vm' => ['ssh-public-keys'],
91 return defined($mapping->{$name}) ?
$mapping->{$name} : [];
94 __PACKAGE__-
>register_method ({
98 description
=> "Unlock the VM.",
100 additionalProperties
=> 0,
102 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
105 returns
=> { type
=> 'null'},
109 my $vmid = $param->{vmid
};
111 PVE
::LXC
::Config-
>remove_lock($vmid);
116 __PACKAGE__-
>register_method ({
120 description
=> "Launch a console for the specified container.",
122 additionalProperties
=> 0,
124 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
127 returns
=> { type
=> 'null' },
132 # test if container exists on this node
133 my $conf = PVE
::LXC
::Config-
>load_config($param->{vmid
});
135 my $cmd = PVE
::LXC
::get_console_command
($param->{vmid
}, $conf);
139 __PACKAGE__-
>register_method ({
143 description
=> "Launch a shell for the specified container.",
145 additionalProperties
=> 0,
147 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
150 returns
=> { type
=> 'null' },
155 my $vmid = $param->{vmid
};
157 # test if container exists on this node
158 PVE
::LXC
::Config-
>load_config($vmid);
160 die "Error: container '$vmid' not running!\n" if !PVE
::LXC
::check_running
($vmid);
162 exec('lxc-attach', '-n', $vmid);
165 __PACKAGE__-
>register_method ({
169 description
=> "Launch a command inside the specified container.",
171 additionalProperties
=> 0,
173 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
174 'extra-args' => get_standard_option
('extra-args'),
177 returns
=> { type
=> 'null' },
182 # test if container exists on this node
183 PVE
::LXC
::Config-
>load_config($param->{vmid
});
185 if (!@{$param->{'extra-args'}}) {
186 die "missing command";
188 exec('lxc-attach', '-n', $param->{vmid
}, '--', @{$param->{'extra-args'}});
191 __PACKAGE__-
>register_method ({
195 description
=> "Run a filesystem check (fsck) on a container volume.",
197 additionalProperties
=> 0,
199 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_stopped
}),
203 description
=> "Force checking, even if the filesystem seems clean",
209 description
=> "A volume on which to run the filesystem check",
210 enum
=> [PVE
::LXC
::Config-
>mountpoint_names()],
214 returns
=> { type
=> 'null' },
218 my $vmid = $param->{'vmid'};
219 my $device = defined($param->{'device'}) ?
$param->{'device'} : 'rootfs';
221 my $command = ['fsck', '-a', '-l'];
222 push(@$command, '-f') if $param->{force
};
224 # critical path: all of this will be done while the container is locked
227 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
228 my $storage_cfg = PVE
::Storage
::config
();
230 defined($conf->{$device}) || die "cannot run command on unexisting mountpoint $device\n";
232 my $mount_point = $device eq 'rootfs' ? PVE
::LXC
::Config-
>parse_ct_rootfs($conf->{$device}) :
233 PVE
::LXC
::Config-
>parse_ct_mountpoint($conf->{$device});
235 my $volid = $mount_point->{volume
};
238 my $storage_id = PVE
::Storage
::parse_volume_id
($volid, 1);
241 my (undef, undef, undef, undef, undef, undef, $format) =
242 PVE
::Storage
::parse_volname
($storage_cfg, $volid);
244 die "unable to run fsck for '$volid' (format == $format)\n"
247 $path = PVE
::Storage
::path
($storage_cfg, $volid);
250 if (($volid =~ m
|^/.+|) && (-b
$volid)) {
251 # pass block devices directly
254 die "path '$volid' does not point to a block device\n";
258 push(@$command, $path);
260 PVE
::LXC
::check_running
($vmid) &&
261 die "cannot run fsck on active container\n";
263 PVE
::Tools
::run_command
($command);
266 PVE
::LXC
::Config-
>lock_config($vmid, $do_fsck);
270 __PACKAGE__-
>register_method({
274 description
=> "Mount the container's filesystem on the host. " .
275 "This will hold a lock on the container and is meant for emergency maintenance only " .
276 "as it will prevent further operations on the container other than start and stop.",
278 additionalProperties
=> 0,
280 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
283 returns
=> { type
=> 'null' },
287 my $rpcenv = PVE
::RPCEnvironment
::get
();
289 my $vmid = extract_param
($param, 'vmid');
290 my $storecfg = PVE
::Storage
::config
();
291 PVE
::LXC
::Config-
>lock_config($vmid, sub {
292 my $conf = PVE
::LXC
::Config-
>set_lock($vmid, 'mounted');
293 PVE
::LXC
::mount_all
($vmid, $storecfg, $conf);
298 __PACKAGE__-
>register_method({
302 description
=> "Unmount the container's filesystem.",
304 additionalProperties
=> 0,
306 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
309 returns
=> { type
=> 'null' },
313 my $rpcenv = PVE
::RPCEnvironment
::get
();
315 my $vmid = extract_param
($param, 'vmid');
316 my $storecfg = PVE
::Storage
::config
();
317 PVE
::LXC
::Config-
>lock_config($vmid, sub {
318 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
319 PVE
::LXC
::umount_all
($vmid, $storecfg, $conf, 0);
320 PVE
::LXC
::Config-
>remove_lock($vmid, 'mounted');
325 __PACKAGE__-
>register_method({
329 description
=> "Get the container's current disk usage.",
331 additionalProperties
=> 0,
333 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
336 returns
=> { type
=> 'null' },
340 my $rpcenv = PVE
::RPCEnvironment
::get
();
342 # JSONSchema's format_size is exact, this uses floating point numbers
345 return $size if $size < 1024.;
347 return sprintf('%.1fK', ${size
}) if $size < 1024.;
349 return sprintf('%.1fM', ${size
}) if $size < 1024.;
351 return sprintf('%.1fG', ${size
}) if $size < 1024.;
353 return sprintf('%.1fT', ${size
}) if $size < 1024.;
356 my $vmid = extract_param
($param, 'vmid');
357 PVE
::LXC
::Config-
>lock_config($vmid, sub {
358 my $pid = eval { PVE
::LXC
::find_lxc_pid
($vmid) };
359 my ($conf, $rootdir, $storecfg, $mounted);
361 $conf = PVE
::LXC
::Config-
>set_lock($vmid, 'mounted');
362 $rootdir = "/var/lib/lxc/$vmid/rootfs";
363 $storecfg = PVE
::Storage
::config
();
364 PVE
::LXC
::mount_all
($vmid, $storecfg, $conf);
367 $conf = PVE
::LXC
::Config-
>load_config($vmid);
368 $rootdir = "/proc/$pid/root";
371 my @list = [qw(MP Volume Size Used Avail Use% Path)];
372 my @len = map { length($_) } @{$list[0]};
375 PVE
::LXC
::Config-
>foreach_mountpoint($conf, sub {
376 my ($name, $mp) = @_;
377 my $path = $mp->{mp
};
379 my $df = PVE
::Tools
::df
("$rootdir/$path", 3);
380 my $total = $format->($df->{total
});
381 my $used = $format->($df->{used
});
382 my $avail = $format->($df->{avail
});
384 my $pc = sprintf('%.1f', $df->{used
}/$df->{total
});
386 my $entry = [ $name, $mp->{volume
}, $total, $used, $avail, $pc, $path ];
389 foreach my $i (0..5) {
390 $len[$i] = length($entry->[$i])
391 if $len[$i] < length($entry->[$i]);
395 my $format = "%-$len[0]s %-$len[1]s %$len[2]s %$len[3]s %$len[4]s %$len[5]s %s\n";
396 printf($format, @$_) foreach @list;
401 PVE
::LXC
::umount_all
($vmid, $storecfg, $conf, 0);
402 PVE
::LXC
::Config-
>remove_lock($vmid, 'mounted');
408 # File creation with specified ownership and permissions.
409 # User and group can be names or decimal numbers.
410 # Permissions are explicit (not affected by umask) and can be numeric with the
411 # usual 0/0x prefixes for octal/hex.
413 my ($path, $perms, $user, $group) = @_;
415 if (defined($user)) {
416 if ($user =~ /^\d+$/) {
419 $uid = getpwnam($user) or die "failed to get uid for: $user\n"
422 if (defined($group)) {
423 if ($group =~ /^\d+$/) {
426 $gid = getgrnam($group) or die "failed to get gid for: $group\n"
430 if (defined($perms)) {
432 my ($mode, $unparsed) = POSIX
::strtoul
($perms, 0);
433 die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!;
438 if (sysopen($fd, $path, O_WRONLY
| O_CREAT
| O_EXCL
, 0)) {
439 $perms = 0666 & ~umask if !defined($perms);
441 # If the path previously existed then we do not care about left-over
442 # file descriptors even if the permissions/ownership is changed.
443 sysopen($fd, $path, O_WRONLY
| O_CREAT
| O_TRUNC
)
444 or die "failed to create file: $path: $!\n";
449 if (defined($perms)) {
454 if (defined($uid) || defined($gid)) {
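# Fill in whichever half of the ownership pair the caller left unset from the
# file's current owner, then apply both ids.
# Declared unconditionally: `my ... if COND` leaves the variables in an
# unspecified state when COND is false (perlsyn, statement modifiers).
my ($fuid, $fgid);
if (!defined($uid) || !defined($gid)) {
    # A failed stat() must not fall through: an undefined id would be
    # passed to chown() as 0 and hand that half of the ownership to root.
    my @st = stat($fd)
        or die "failed to stat file: $!\n";
    ($fuid, $fgid) = @st[4, 5];
}
$uid = $fuid if !defined($uid);
$gid = $fgid if !defined($gid);
# chown() is given the open handle rather than $path, so the change applies
# to the file that was actually opened.
chown($uid, $gid, $fd)
    or die "failed to change file owner: $!\n";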
465 __PACKAGE__-
>register_method({
469 description
=> "Copy a file from the container to the local system.",
471 additionalProperties
=> 0,
473 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
476 description
=> "Path to a file inside the container to pull.",
480 description
=> "Destination",
484 description
=> 'Owner user name or id.',
489 description
=> 'Owner group name or id.',
494 description
=> "File permissions to use (octal by default, prefix with '0x' for hexadecimal).",
501 description
=> "the task ID.",
506 my $rpcenv = PVE
::RPCEnvironment
::get
();
508 my $vmid = extract_param
($param, 'vmid');
509 my $path = extract_param
($param, 'path');
510 my $dest = extract_param
($param, 'destination');
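my $perms = extract_param($param, 'perms');
# Bare digits are taken as octal: a value that does not already start with
# '0' (which also covers the '0x' hex prefix) gets a leading '0'.
# An empty string is left as it is, so that create_file() rejects it as an
# invalid mode instead of it being turned into "0" (mode 0000) here.
if (defined($perms) && $perms ne '' && $perms !~ m/^0/) {
    $perms = "0$perms";
}
my $user = extract_param($param, 'user');
my $group = extract_param($param, 'group');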
519 my $running = PVE
::LXC
::check_running
($vmid);
520 die "can only pull files from a running VM" if !$running;
523 my $pid = PVE
::LXC
::find_lxc_pid
($vmid);
524 # Avoid symlink issues by opening the files from inside the
525 # corresponding namespaces.
526 my $destfd = create_file
($dest, $perms, $user, $group);
528 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
529 or die "failed to open the container's mount namespace\n";
530 PVE
::Tools
::setns
(fileno($mntnsfd), PVE
::Tools
::CLONE_NEWNS
)
531 or die "failed to enter the container's mount namespace\n";
533 chdir('/') or die "failed to change to container root directory\n";
535 open my $srcfd, '<', $path
536 or die "failed to open $path: $!\n";
538 copy
($srcfd, $destfd);
541 # This avoids having to setns() back to our namespace.
542 return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd);
545 return PVE
::LXC
::Config-
>lock_config($vmid, $code);
548 __PACKAGE__-
>register_method({
552 description
=> "Copy a local file to the container.",
554 additionalProperties
=> 0,
556 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
559 description
=> "Path to a local file.",
563 description
=> "Destination inside the container to write to.",
567 description
=> 'Owner user name or id. When using a name it must exist inside the container.',
572 description
=> 'Owner group name or id. When using a name it must exist inside the container.',
577 description
=> "File permissions to use (octal by default, prefix with '0x' for hexadecimal).",
584 description
=> "the task ID.",
589 my $rpcenv = PVE
::RPCEnvironment
::get
();
591 my $vmid = extract_param
($param, 'vmid');
592 my $file = extract_param
($param, 'file');
593 my $dest = extract_param
($param, 'destination');
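my $perms = extract_param($param, 'perms');
# Bare digits are taken as octal: a value that does not already start with
# '0' (which also covers the '0x' hex prefix) gets a leading '0'.
# An empty string is left as it is, so that create_file() rejects it as an
# invalid mode instead of it being turned into "0" (mode 0000) here.
if (defined($perms) && $perms ne '' && $perms !~ m/^0/) {
    $perms = "0$perms";
}
my $user = extract_param($param, 'user');
my $group = extract_param($param, 'group');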
602 my $running = PVE
::LXC
::check_running
($vmid);
603 die "can only push files to a running VM" if !$running;
605 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
606 my $unprivileged = $conf->{unprivileged
};
609 my $pid = PVE
::LXC
::find_lxc_pid
($vmid);
610 # We open the file then enter the container's mount - and for
611 # unprivileged containers - user namespace and then create the
612 # file. This avoids symlink attacks as a symlink cannot point
613 # outside the namespace and our own access is equivalent to the
614 # container-local's root user. Also the user-passed -user and
615 # -group parameters will use the container-local's user and
617 sysopen my $srcfd, $file, O_RDONLY
618 or die "failed to open $file for reading\n";
620 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
621 or die "failed to open the container's mount namespace\n";
624 sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY
625 or die "failed to open the container's user namespace\n";
628 PVE
::Tools
::setns
(fileno($mntnsfd), PVE
::Tools
::CLONE_NEWNS
)
629 or die "failed to enter the container's mount namespace\n";
631 chdir('/') or die "failed to change to container root directory\n";
634 PVE
::Tools
::setns
(fileno($usernsfd), PVE
::Tools
::CLONE_NEWUSER
)
635 or die "failed to enter the container's user namespace\n";
637 POSIX
::setgid
(0) or die "setgid failed: $!\n";
638 POSIX
::setuid
(0) or die "setuid failed: $!\n";
641 my $destfd = create_file
($dest, $perms, $user, $group);
642 copy
($srcfd, $destfd);
645 # This avoids having to setns() back to our namespace.
646 return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd);
649 return PVE
::LXC
::Config-
>lock_config($vmid, $code);
653 list
=> [ 'PVE::API2::LXC', 'vmlist', [], { node
=> $nodename }, sub {
655 return if !scalar(@$res);
656 my $format = "%-10s %-10s %-12s %-20s\n";
657 printf($format, 'VMID', 'Status', 'Lock', 'Name');
658 foreach my $d (sort {$a->{vmid
} <=> $b->{vmid
} } @$res) {
659 printf($format, $d->{vmid
}, $d->{status
}, $d->{lock}, $d->{name
});
662 config
=> [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'],
663 { node
=> $nodename }, sub {
665 foreach my $k (sort (keys %$config)) {
666 next if $k eq 'digest';
668 my $v = $config->{$k};
669 if ($k eq 'description') {
670 $v = PVE
::Tools
::encode_text
($v);
674 if (defined($config->{'lxc'})) {
675 my $lxc_list = $config->{'lxc'};
676 foreach my $lxc_opt (@$lxc_list) {
677 print "$lxc_opt->[0]: $lxc_opt->[1]\n"
681 set
=> [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node
=> $nodename }],
683 resize
=> [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node
=> $nodename } ],
685 create
=> [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node
=> $nodename }, $upid_exit ],
686 restore
=> [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node
=> $nodename, restore
=> 1 }, $upid_exit ],
688 start
=> [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node
=> $nodename }, $upid_exit],
689 suspend
=> [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node
=> $nodename }, $upid_exit],
690 resume
=> [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node
=> $nodename }, $upid_exit],
691 shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node
=> $nodename }, $upid_exit],
692 stop
=> [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node
=> $nodename }, $upid_exit],
694 clone
=> [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node
=> $nodename }, $upid_exit ],
695 migrate
=> [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node
=> $nodename }, $upid_exit],
697 status
=> [ __PACKAGE__
, 'status', ['vmid']],
698 console
=> [ __PACKAGE__
, 'console', ['vmid']],
699 enter
=> [ __PACKAGE__
, 'enter', ['vmid']],
700 unlock
=> [ __PACKAGE__
, 'unlock', ['vmid']],
701 exec => [ __PACKAGE__
, 'exec', ['vmid', 'extra-args']],
702 fsck
=> [ __PACKAGE__
, 'fsck', ['vmid']],
704 mount
=> [ __PACKAGE__
, 'mount', ['vmid']],
705 unmount
=> [ __PACKAGE__
, 'unmount', ['vmid']],
706 push => [ __PACKAGE__
, 'push', ['vmid', 'file', 'destination']],
707 pull
=> [ __PACKAGE__
, 'pull', ['vmid', 'path', 'destination']],
709 df
=> [ __PACKAGE__
, 'df', ['vmid']],
711 destroy
=> [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'],
712 { node
=> $nodename }, $upid_exit ],
714 snapshot
=> [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'],
715 { node
=> $nodename } , $upid_exit ],
717 delsnapshot
=> [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node
=> $nodename } , $upid_exit ],
719 listsnapshot
=> [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node
=> $nodename },
722 foreach my $e (@$res) {
723 my $headline = $e->{description
} || 'no-description';
724 $headline =~ s/\n.*//sg;
725 my $parent = $e->{parent
} // 'no-parent';
726 printf("%-20s %-20s %s\n", $e->{name
}, $parent, $headline);
730 rollback
=> [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node
=> $nodename } , $upid_exit ],
732 template
=> [ "PVE::API2::LXC", 'template', ['vmid'], { node
=> $nodename }],
742 pct - Tool to manage Linux Containers (LXC) on Proxmox VE
750 pct is a tool to manage Linux Containers (LXC). You can create
751 and destroy containers, and control execution
752 (start/stop/suspend/resume). Besides that, you can use pct to set
753 parameters in the associated config file, like network configuration or
758 Create a container based on a Debian template
759 (provided you downloaded the template via the webgui before)
761 pct create 100 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz
767 Start a login session via getty
771 Enter the lxc namespace and run a shell as root user
775 Display the configuration
779 Add a network interface called eth0, bridged to the host bridge vmbr0,
780 set the address and gateway, while it's running
782 pct set 100 -net0 name=eth0,bridge=vmbr0,ip=192.168.15.147/24,gw=192.168.15.1
784 Reduce the memory of the container to 512MB
786 pct set -memory 512 100
790 /etc/pve/lxc/<vmid>.conf
792 Configuration file for the container <vmid>
796 L<B<qm(1)>>, L<B<pvesh(1)>>
798 =include pve_copyright