]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/CLI/pct.pm
12 use PVE
::Tools
qw(extract_param);
15 use PVE
::RPCEnvironment
;
16 use PVE
::JSONSchema
qw(get_standard_option);
19 use PVE
::API2
::LXC
::Config
;
20 use PVE
::API2
::LXC
::Status
;
21 use PVE
::API2
::LXC
::Snapshot
;
25 use base
qw(PVE::CLIHandler);
27 my $nodename = PVE
::INotify
::nodename
();
31 my $status = PVE
::Tools
::upid_read_status
($upid);
32 exit($status eq 'OK' ?
0 : -1);
36 my $term = new Term
::ReadLine
('pct');
37 my $attribs = $term->Attribs;
38 $attribs->{redisplay_function
} = $attribs->{shadow_redisplay
};
39 my $input = $term->readline('Enter password: ');
40 my $conf = $term->readline('Retype password: ');
41 die "Passwords do not match.\n" if ($input ne $conf);
45 __PACKAGE__-
>register_method ({
49 description
=> "Unlock the VM.",
51 additionalProperties
=> 0,
53 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
56 returns
=> { type
=> 'null'},
60 my $vmid = $param->{vmid
};
62 PVE
::LXC
::Config-
>remove_lock($vmid);
67 __PACKAGE__-
>register_method ({
71 description
=> "Launch a console for the specified container.",
73 additionalProperties
=> 0,
75 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
78 returns
=> { type
=> 'null' },
83 # test if container exists on this node
84 my $conf = PVE
::LXC
::Config-
>load_config($param->{vmid
});
86 my $cmd = PVE
::LXC
::get_console_command
($param->{vmid
}, $conf);
90 __PACKAGE__-
>register_method ({
94 description
=> "Launch a shell for the specified container.",
96 additionalProperties
=> 0,
98 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
101 returns
=> { type
=> 'null' },
106 my $vmid = $param->{vmid
};
108 # test if container exists on this node
109 PVE
::LXC
::Config-
>load_config($vmid);
111 die "Error: container '$vmid' not running!\n" if !PVE
::LXC
::check_running
($vmid);
113 exec('lxc-attach', '-n', $vmid);
116 __PACKAGE__-
>register_method ({
120 description
=> "Launch a command inside the specified container.",
122 additionalProperties
=> 0,
124 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_running
}),
125 'extra-args' => get_standard_option
('extra-args'),
128 returns
=> { type
=> 'null' },
133 # test if container exists on this node
134 PVE
::LXC
::Config-
>load_config($param->{vmid
});
136 if (!@{$param->{'extra-args'}}) {
137 die "missing command";
139 exec('lxc-attach', '-n', $param->{vmid
}, '--', @{$param->{'extra-args'}});
142 __PACKAGE__-
>register_method ({
146 description
=> "Run a filesystem check (fsck) on a container volume.",
148 additionalProperties
=> 0,
150 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid_stopped
}),
154 description
=> "Force checking, even if the filesystem seems clean",
160 description
=> "A volume on which to run the filesystem check",
161 enum
=> [PVE
::LXC
::Config-
>mountpoint_names()],
165 returns
=> { type
=> 'null' },
169 my $vmid = $param->{'vmid'};
170 my $device = defined($param->{'device'}) ?
$param->{'device'} : 'rootfs';
172 my $command = ['fsck', '-a', '-l'];
173 push(@$command, '-f') if $param->{force
};
175 # critical path: all of this will be done while the container is locked
178 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
179 my $storage_cfg = PVE
::Storage
::config
();
181 defined($conf->{$device}) || die "cannot run command on unexisting mountpoint $device\n";
183 my $mount_point = $device eq 'rootfs' ? PVE
::LXC
::Config-
>parse_ct_rootfs($conf->{$device}) :
184 PVE
::LXC
::Config-
>parse_ct_mountpoint($conf->{$device});
186 my $volid = $mount_point->{volume
};
189 my $storage_id = PVE
::Storage
::parse_volume_id
($volid, 1);
192 my (undef, undef, undef, undef, undef, undef, $format) =
193 PVE
::Storage
::parse_volname
($storage_cfg, $volid);
195 die "unable to run fsck for '$volid' (format == $format)\n"
198 $path = PVE
::Storage
::path
($storage_cfg, $volid);
201 if (($volid =~ m
|^/.+|) && (-b
$volid)) {
202 # pass block devices directly
205 die "path '$volid' does not point to a block device\n";
209 push(@$command, $path);
211 PVE
::LXC
::check_running
($vmid) &&
212 die "cannot run fsck on active container\n";
214 PVE
::Tools
::run_command
($command);
217 PVE
::LXC
::Config-
>lock_config($vmid, $do_fsck);
221 __PACKAGE__-
>register_method({
225 description
=> "Mount the container's filesystem on the host. " .
226 "This will hold a lock on the container and is meant for emergency maintenance only " .
227 "as it will prevent further operations on the container other than start and stop.",
229 additionalProperties
=> 0,
231 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
234 returns
=> { type
=> 'null' },
238 my $rpcenv = PVE
::RPCEnvironment
::get
();
240 my $vmid = extract_param
($param, 'vmid');
241 my $storecfg = PVE
::Storage
::config
();
242 PVE
::LXC
::Config-
>lock_config($vmid, sub {
243 my $conf = PVE
::LXC
::Config-
>set_lock($vmid, 'mounted');
244 PVE
::LXC
::mount_all
($vmid, $storecfg, $conf);
249 __PACKAGE__-
>register_method({
253 description
=> "Unmount the container's filesystem.",
255 additionalProperties
=> 0,
257 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
260 returns
=> { type
=> 'null' },
264 my $rpcenv = PVE
::RPCEnvironment
::get
();
266 my $vmid = extract_param
($param, 'vmid');
267 my $storecfg = PVE
::Storage
::config
();
268 PVE
::LXC
::Config-
>lock_config($vmid, sub {
269 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
270 PVE
::LXC
::umount_all
($vmid, $storecfg, $conf, 0);
271 PVE
::LXC
::Config-
>remove_lock($vmid, 'mounted');
276 # File creation with specified ownership and permissions.
277 # User and group can be names or decimal numbers.
278 # Permissions are explicit (not affected by umask) and can be numeric with the
279 # usual 0/0x prefixes for octal/hex.
281 my ($path, $perms, $user, $group) = @_;
283 if (defined($user)) {
284 if ($user =~ /^\d+$/) {
287 $uid = getpwnam($user) or die "failed to get uid for: $user\n"
290 if (defined($group)) {
291 if ($group =~ /^\d+$/) {
294 $gid = getgrnam($group) or die "failed to get gid for: $group\n"
298 if (defined($perms)) {
300 my ($mode, $unparsed) = POSIX
::strtoul
($perms, 0);
301 die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!;
306 if (sysopen($fd, $path, O_WRONLY
| O_CREAT
| O_EXCL
, 0)) {
307 $perms = 0666 & ~umask if !defined($perms);
309 # If the path previously existed then we do not care about left-over
310 # file descriptors even if the permissions/ownership is changed.
311 sysopen($fd, $path, O_WRONLY
| O_CREAT
| O_TRUNC
)
312 or die "failed to create file: $path: $!\n";
317 if (defined($perms)) {
322 if (defined($uid) || defined($gid)) {
324 my ($fuid, $fgid) = (stat($fd))[4,5] if !defined($uid) || !defined($gid);
325 $uid = $fuid if !defined($uid);
326 $gid = $fgid if !defined($gid);
327 chown($uid, $gid, $fd)
328 or die "failed to change file owner: $!\n";
333 __PACKAGE__-
>register_method({
337 description
=> "Copy a file from the container to the local system.",
339 additionalProperties
=> 0,
341 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
344 description
=> "Path to a file inside the container to pull.",
348 description
=> "Destination",
352 description
=> 'Owner user name or id.',
357 description
=> 'Owner group name or id.',
362 description
=> 'File permissions to use.',
369 description
=> "the task ID.",
374 my $rpcenv = PVE
::RPCEnvironment
::get
();
376 my $vmid = extract_param
($param, 'vmid');
377 my $path = extract_param
($param, 'path');
378 my $dest = extract_param
($param, 'destination');
380 my $perms = extract_param
($param, 'perms');
381 my $user = extract_param
($param, 'user');
382 my $group = extract_param
($param, 'group');
385 my $running = PVE
::LXC
::check_running
($vmid);
386 die "can only pull files from a running VM" if !$running;
389 my $pid = PVE
::LXC
::find_lxc_pid
($vmid);
390 # Avoid symlink issues by opening the files from inside the
391 # corresponding namespaces.
392 my $destfd = create_file
($dest, $perms, $user, $group);
394 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
395 or die "failed to open the container's mount namespace\n";
396 PVE
::Tools
::setns
(fileno($mntnsfd), PVE
::Tools
::CLONE_NEWNS
)
397 or die "failed to enter the container's mount namespace\n";
399 chdir('/') or die "failed to change to container root directory\n";
401 open my $srcfd, '<', $path
402 or die "failed to open $path: $!\n";
404 copy
($srcfd, $destfd);
407 # This avoids having to setns() back to our namespace.
408 return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd);
411 return PVE
::LXC
::Config-
>lock_config($vmid, $code);
414 __PACKAGE__-
>register_method({
418 description
=> "Copy a local file to the container.",
420 additionalProperties
=> 0,
422 vmid
=> get_standard_option
('pve-vmid', { completion
=> \
&PVE
::LXC
::complete_ctid
}),
425 description
=> "Path to a local file.",
429 description
=> "Destination inside the container to write to.",
433 description
=> 'Owner user name or id. When using a name it must exist inside the container.',
438 description
=> 'Owner group name or id. When using a name it must exist inside the container.',
443 description
=> 'File permissions to use.',
450 description
=> "the task ID.",
455 my $rpcenv = PVE
::RPCEnvironment
::get
();
457 my $vmid = extract_param
($param, 'vmid');
458 my $file = extract_param
($param, 'file');
459 my $dest = extract_param
($param, 'destination');
461 my $perms = extract_param
($param, 'perms');
462 my $user = extract_param
($param, 'user');
463 my $group = extract_param
($param, 'group');
466 my $running = PVE
::LXC
::check_running
($vmid);
467 die "can only push files to a running VM" if !$running;
469 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
470 my $unprivileged = $conf->{unprivileged
};
473 my $pid = PVE
::LXC
::find_lxc_pid
($vmid);
474 # We open the file then enter the container's mount - and for
475 # unprivileged containers - user namespace and then create the
476 # file. This avoids symlink attacks as a symlink cannot point
477 # outside the namespace and our own access is equivalent to the
478 # container-local's root user. Also the user-passed -user and
479 # -group parameters will use the container-local's user and
481 sysopen my $srcfd, $file, O_RDONLY
482 or die "failed to open $file for reading\n";
484 sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY
485 or die "failed to open the container's mount namespace\n";
488 sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY
489 or die "failed to open the container's user namespace\n";
492 PVE
::Tools
::setns
(fileno($mntnsfd), PVE
::Tools
::CLONE_NEWNS
)
493 or die "failed to enter the container's mount namespace\n";
495 chdir('/') or die "failed to change to container root directory\n";
498 PVE
::Tools
::setns
(fileno($usernsfd), PVE
::Tools
::CLONE_NEWUSER
)
499 or die "failed to enter the container's user namespace\n";
501 POSIX
::setgid
(0) or die "setgid failed: $!\n";
502 POSIX
::setuid
(0) or die "setuid failed: $!\n";
505 my $destfd = create_file
($dest, $perms, $user, $group);
506 copy
($srcfd, $destfd);
509 # This avoids having to setns() back to our namespace.
510 return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd);
513 return PVE
::LXC
::Config-
>lock_config($vmid, $code);
517 list
=> [ 'PVE::API2::LXC', 'vmlist', [], { node
=> $nodename }, sub {
519 return if !scalar(@$res);
520 my $format = "%-10s %-10s %-12s %-20s\n";
521 printf($format, 'VMID', 'Status', 'Lock', 'Name');
522 foreach my $d (sort {$a->{vmid
} <=> $b->{vmid
} } @$res) {
523 printf($format, $d->{vmid
}, $d->{status
}, $d->{lock}, $d->{name
});
526 config
=> [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'],
527 { node
=> $nodename }, sub {
529 foreach my $k (sort (keys %$config)) {
530 next if $k eq 'digest';
531 my $v = $config->{$k};
532 if ($k eq 'description') {
533 $v = PVE
::Tools
::encode_text
($v);
538 set
=> [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node
=> $nodename }],
540 resize
=> [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node
=> $nodename } ],
542 create
=> [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node
=> $nodename }, $upid_exit ],
543 restore
=> [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node
=> $nodename, restore
=> 1 }, $upid_exit ],
545 start
=> [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node
=> $nodename }, $upid_exit],
546 suspend
=> [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node
=> $nodename }, $upid_exit],
547 resume
=> [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node
=> $nodename }, $upid_exit],
548 shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node
=> $nodename }, $upid_exit],
549 stop
=> [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node
=> $nodename }, $upid_exit],
551 clone
=> [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node
=> $nodename }, $upid_exit ],
552 migrate
=> [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node
=> $nodename }, $upid_exit],
554 console
=> [ __PACKAGE__
, 'console', ['vmid']],
555 enter
=> [ __PACKAGE__
, 'enter', ['vmid']],
556 unlock
=> [ __PACKAGE__
, 'unlock', ['vmid']],
557 exec => [ __PACKAGE__
, 'exec', ['vmid', 'extra-args']],
558 fsck
=> [ __PACKAGE__
, 'fsck', ['vmid']],
560 mount
=> [ __PACKAGE__
, 'mount', ['vmid']],
561 unmount
=> [ __PACKAGE__
, 'unmount', ['vmid']],
562 push => [ __PACKAGE__
, 'push', ['vmid', 'file', 'destination']],
563 pull
=> [ __PACKAGE__
, 'pull', ['vmid', 'path', 'destination']],
565 destroy
=> [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'],
566 { node
=> $nodename }, $upid_exit ],
568 snapshot
=> [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'],
569 { node
=> $nodename } , $upid_exit ],
571 delsnapshot
=> [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node
=> $nodename } , $upid_exit ],
573 listsnapshot
=> [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node
=> $nodename },
576 foreach my $e (@$res) {
577 my $headline = $e->{description
} || 'no-description';
578 $headline =~ s/\n.*//sg;
579 my $parent = $e->{parent
} // 'no-parent';
580 printf("%-20s %-20s %s\n", $e->{name
}, $parent, $headline);
584 rollback
=> [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node
=> $nodename } , $upid_exit ],
586 template
=> [ "PVE::API2::LXC", 'template', ['vmid'], { node
=> $nodename }],
596 pct - Tool to manage Linux Containers (LXC) on Proxmox VE
604 pct is a tool to manages Linux Containers (LXC). You can create
605 and destroy containers, and control execution
606 (start/stop/suspend/resume). Besides that, you can use pct to set
607 parameters in the associated config file, like network configuration or
612 Create a container based on a Debian template
613 (provided you downloaded the template via the webgui before)
615 pct create 100 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz
621 Start a login session via getty
625 Enter the lxc namespace and run a shell as root user
629 Display the configuration
633 Add a network interface called eth0, bridged to the host bridge vmbr0,
634 set the address and gateway, while it's running
636 pct set 100 -net0 name=eth0,bridge=vmbr0,ip=192.168.15.147/24,gw=192.168.15.1
638 Reduce the memory of the container to 512MB
640 pct set -memory 512 100
644 /etc/pve/lxc/<vmid>.conf
646 Configuration file for the container <vmid>
650 L<B<qm(1)>>, L<B<pvesh(1)>>
652 =include pve_copyright