use PVE::QemuServer::Drive;
use PVE::QemuServer::CPUConfig;
use PVE::QemuServer::Monitor qw(mon_cmd);
+use PVE::QemuServer::Machine;
use PVE::QemuMigrate;
use PVE::RPCEnvironment;
use PVE::AccessControl;
my $volid;
if ($ds eq 'efidisk0') {
- ($volid, $size) = PVE::QemuServer::create_efidisk($storecfg, $storeid, $vmid, $fmt, $arch);
+ my $smm = PVE::QemuServer::Machine::machine_type_is_q35($conf);
+ ($volid, $size) = PVE::QemuServer::create_efidisk(
+ $storecfg, $storeid, $vmid, $fmt, $arch, $disk, $smm);
+ } elsif ($ds eq 'tpmstate0') {
+ # swtpm can only use raw volumes, and uses a fixed size
+ $size = PVE::Tools::convert_size(PVE::QemuServer::Drive::TPMSTATE_DISK_SIZE, 'b' => 'kb');
+ $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, "raw", undef, $size);
} else {
$volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, undef, $size);
}
sshkeys => 1,
};
+my $check_vm_create_serial_perm = sub {
+ my ($rpcenv, $authuser, $vmid, $pool, $param) = @_;
+
+ return 1 if $authuser eq 'root@pam';
+
+ foreach my $opt (keys %{$param}) {
+ next if $opt !~ m/^serial\d+$/;
+
+ if ($param->{$opt} eq 'socket') {
+ $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
+ } else {
+ die "only root can set '$opt' config for real devices\n";
+ }
+ }
+
+ return 1;
+};
+
+my $check_vm_create_usb_perm = sub {
+ my ($rpcenv, $authuser, $vmid, $pool, $param) = @_;
+
+ return 1 if $authuser eq 'root@pam';
+
+ foreach my $opt (keys %{$param}) {
+ next if $opt !~ m/^usb\d+$/;
+
+ if ($param->{$opt} =~ m/spice/) {
+ $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
+ } else {
+ die "only root can set '$opt' config for real devices\n";
+ }
+ }
+
+ return 1;
+};
+
my $check_vm_modify_config_perm = sub {
my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
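Review bot: In `$check_vm_create_usb_perm` the branch that separates a SPICE redirection port from a host device uses an unanchored substring test, `$param->{$opt} =~ m/spice/`, whereas the serial twin compares exactly with `eq 'socket'`. The privilege decision therefore holds only while schema validation has already run and rules out a host-device value containing that substring, which cannot be confirmed from this hunk. I would decide on the parsed `host` property of the option instead, or at minimum add `# substring test: safe only while the usbN schema keeps 'spice' out of host-device specs` above the condition. The trailing context opens `$check_vm_modify_config_perm`, whose body continues outside the hunk.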
proxyto => 'node',
protected => 1, # qemu pid files are only readable by root
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
full => {
protected => 1,
proxyto => 'node',
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => PVE::QemuServer::json_config_properties(
{
node => get_standard_option('pve-node'),
description => "Assign a unique random ethernet address.",
requires => 'archive',
},
+ 'live-restore' => {
+ optional => 1,
+ type => 'boolean',
+ description => "Start the VM immediately from the backup and restore in background. PBS only.",
+ requires => 'archive',
+ },
pool => {
optional => 1,
type => 'string', format => 'pve-poolid',
my $start_after_create = extract_param($param, 'start');
my $storage = extract_param($param, 'storage');
my $unique = extract_param($param, 'unique');
+ my $live_restore = extract_param($param, 'live-restore');
if (defined(my $ssh_keys = $param->{sshkeys})) {
$ssh_keys = URI::Escape::uri_unescape($ssh_keys);
&$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
+ &$check_vm_create_serial_perm($rpcenv, $authuser, $vmid, $pool, $param);
+ &$check_vm_create_usb_perm($rpcenv, $authuser, $vmid, $pool, $param);
+
&$check_cpu_model_access($rpcenv, $authuser, $param);
foreach my $opt (keys %$param) {
raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
if ($archive eq '-') {
- die "pipe requires cli environment\n"
- if $rpcenv->{type} ne 'cli';
+ die "pipe requires cli environment\n" if $rpcenv->{type} ne 'cli';
$archive = { type => 'pipe' };
} else {
PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
eval { PVE::QemuConfig->create_and_lock_config($vmid, $force) };
die "$emsg $@" if $@;
+ my $restored_data = 0;
my $restorefn = sub {
my $conf = PVE::QemuConfig->load_config($vmid);
pool => $pool,
unique => $unique,
bwlimit => $bwlimit,
+ live => $live_restore,
};
if ($archive->{type} eq 'file' || $archive->{type} eq 'pipe') {
+ die "live-restore is only compatible with backup images from a Proxmox Backup Server\n"
+ if $live_restore;
PVE::QemuServer::restore_file_archive($archive->{path} // '-', $vmid, $authuser, $restore_options);
} elsif ($archive->{type} eq 'pbs') {
PVE::QemuServer::restore_proxmox_backup_archive($archive->{volid}, $vmid, $authuser, $restore_options);
} else {
die "unknown backup archive type\n";
}
+ $restored_data = 1;
+
my $restored_conf = PVE::QemuConfig->load_config($vmid);
# Convert restored VM to template if backup was VM template
if (PVE::QemuConfig->is_template($restored_conf)) {
eval { PVE::QemuServer::template_create($vmid, $restored_conf) };
warn $@ if $@;
}
-
- PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
};
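Review bot: The `live-restore` rejection for `file` and `pipe` archives sits inside the restore closure, so it appears to fire only after `create_and_lock_config` has run, and the caller gets a late failure for what is a plain parameter conflict. Rejecting it where the archive type is resolved would fail before any VM state exists, for example `raise_param_exc({ 'live-restore' => "only supported for Proxmox Backup Server archives" }) if $live_restore;` in the file and pipe paths. Separately, `add_vm_to_pool` leaves `$restorefn` here and no replacement is visible in this hunk; since pool membership drives ACLs, it is worth confirming the restored VM is still added to `$pool` on every path. `$restorefn` starts before this hunk.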
# ensure no old replication state are exists
PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
- if ($start_after_create) {
+ if ($start_after_create && !$live_restore) {
print "Execute autostart\n";
eval { PVE::API2::Qemu->vm_start({ vmid => $vmid, node => $node }) };
warn $@ if $@;
if (!$machine || $machine =~ m/^(?:pc|q35|virt)$/) {
# always pin Windows' machine version on create, they get to easily confused
if (PVE::QemuServer::windows_version($conf->{ostype})) {
- my $pin_version = PVE::QemuServer::kvm_user_version();
- if (!$machine || $machine eq 'pc') {
- $machine = "pc-i440fx-$pin_version";
- } elsif ($machine eq 'q35') {
- $machine = "pc-q35-$pin_version";
- }
- $conf->{machine} = $machine;
+ $conf->{machine} = PVE::QemuServer::windows_get_pinned_machine_version($machine);
}
}
if (my $err = $@) {
eval { PVE::QemuConfig->remove_lock($vmid, 'create') };
warn $@ if $@;
+ if ($restored_data) {
+ warn "error after data was restored, VM disks should be OK but config may "
+ ."require adaptions. VM $vmid state is NOT cleaned up.\n";
+ } else {
+ warn "error before or during data restore, some or all disks were not "
+ ."completely restored. VM $vmid state is NOT cleaned up.\n";
+ }
die $err;
}
};
user => 'all',
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
},
description => "Read VM RRD statistics (returns PNG)",
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
},
description => "Read VM RRD statistics",
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
}
my $bootorder_deleted = grep {$_ eq 'bootorder'} @delete;
+ my $check_drive_perms = sub {
+ my ($opt, $val) = @_;
+ my $drive = PVE::QemuServer::parse_drive($opt, $val);
+ # FIXME: cloudinit: CDROM or Disk?
+ if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
+ $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
+ } else {
+ $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
+ }
+ };
+
foreach my $opt (@delete) {
$modified->{$opt} = 1;
$conf = PVE::QemuConfig->load_config($vmid); # update/reload
}
} elsif (PVE::QemuServer::is_valid_drivename($opt)) {
PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
- my $drive = PVE::QemuServer::parse_drive($opt, $val);
- if (PVE::QemuServer::drive_is_cdrom($drive)) {
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
- } else {
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
- }
+ $check_drive_perms->($opt, $val);
PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $val))
if $is_pending_val;
PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
my $arch = PVE::QemuServer::get_vm_arch($conf);
if (PVE::QemuServer::is_valid_drivename($opt)) {
- my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
- # FIXME: cloudinit: CDROM or Disk?
- if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
- } else {
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
+ # old drive
+ if ($conf->{$opt}) {
+ $check_drive_perms->($opt, $conf->{$opt});
}
+
+ # new drive
+ $check_drive_perms->($opt, $param->{$opt});
PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
if defined($conf->{pending}->{$opt});
&$create_disks($rpcenv, $authuser, $conf->{pending}, $arch, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
+
+ # default legacy boot order implies all cdroms anyway
+ if (@bootorder) {
+ # append new CD drives to bootorder to mark them bootable
+ my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
+ if (PVE::QemuServer::drive_is_cdrom($drive, 1) && !grep(/^$opt$/, @bootorder)) {
+ push @bootorder, $opt;
+ $conf->{pending}->{boot} = PVE::QemuServer::print_bootorder(\@bootorder);
+ $modified->{boot} = 1;
+ }
+ }
} elsif ($opt =~ m/^serial\d+/) {
if ((!defined($conf->{$opt}) || $conf->{$opt} eq 'socket') && $param->{$opt} eq 'socket') {
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
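Review bot: The new old-drive check covers `$conf->{$opt}` only, while the following statement also displaces `$conf->{pending}->{$opt}` by registering it as unused, so a pending drive on that slot is replaced without its own permission check. If that is not intended, add `$check_drive_perms->($opt, $conf->{pending}->{$opt}) if defined($conf->{pending}->{$opt});` next to the old-drive check. In the bootorder block, `!grep(/^$opt$/, @bootorder)` interpolates `$opt` into a pattern unquoted; `!grep { $_ eq $opt } @bootorder` states the exact-match intent without regex semantics. The enclosing `if`/`elsif` chain starts and ends outside the hunk.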
if ($running) {
PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
} else {
- PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running, $errors);
+ PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $errors);
}
raise_param_exc($errors) if scalar(keys %$errors);
if (!$running) {
my $status = PVE::Tools::upid_read_status($upid);
- return if $status eq 'OK';
+ return if !PVE::Tools::upid_status_is_error($status);
die $status;
}
}
check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => PVE::QemuServer::json_config_properties(
{
node => get_standard_option('pve-node'),
check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => PVE::QemuServer::json_config_properties(
{
node => get_standard_option('pve-node'),
check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
description => "If set, destroy additionally all disks not referenced in the config"
." but with a matching VMID from all enabled storages.",
optional => 1,
- default => 1, # FIXME: replace to false in PVE 7.0, this is dangerous!
+ default => 0,
},
},
},
# repeat, config might have changed
my $ha_managed = $early_checks->();
- # FIXME: drop fallback to true with 7.0, to dangerous for default
- my $purge_unreferenced = $param->{'destroy-unreferenced-disks'} // 1;
+ my $purge_unreferenced = $param->{'destroy-unreferenced-disks'};
PVE::QemuServer::destroy_vm(
$storecfg,
check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
},
description => "Creates a TCP VNC proxy connections.",
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
},
},
returns => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
user => { type => 'string' },
ticket => { type => 'string' },
},
description => "Opens a weksocket for VNC traffic.",
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
},
description => "Returns a SPICE configuration to connect to the VM.",
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
user => 'all',
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid',
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
]
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
PVE::Storage::storage_check_enabled($storecfg, $storage);
if ($target) {
# check if storage is available on target node
- PVE::Storage::storage_check_node($storecfg, $storage, $target);
+ PVE::Storage::storage_check_enabled($storecfg, $storage, $target);
# clone only works if target storage is shared
my $scfg = PVE::Storage::storage_config($storecfg, $storage);
die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
my $total_jobs = scalar(keys %{$drives});
my $i = 1;
- foreach my $opt (keys %$drives) {
+ foreach my $opt (sort keys %$drives) {
my $drive = $drives->{$opt};
my $skipcomplete = ($total_jobs != $i); # finish after last drive
my $completion = $skipcomplete ? 'skip' : 'complete';
],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
if (my $targetstorage = $param->{targetstorage}) {
my $check_storage = sub {
my ($target_sid) = @_;
- PVE::Storage::storage_check_node($storecfg, $target_sid, $target);
+ PVE::Storage::storage_check_enabled($storecfg, $target_sid, $target);
$rpcenv->check($authuser, "/storage/$target_sid", ['Datastore.AllocateSpace']);
my $scfg = PVE::Storage::storage_config($storecfg, $target_sid);
raise_param_exc({ targetstorage => "storage '$target_sid' does not support vm images"})
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk'])
if !defined($storagemap->{identity});
- foreach my $source (values %{$storagemap->{entries}}) {
- $check_storage->($source);
+ foreach my $target_sid (values %{$storagemap->{entries}}) {
+ $check_storage->($target_sid);
}
$check_storage->($storagemap->{default})
check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
},
parameters => {
- additionalProperties => 0,
- properties => {
+ additionalProperties => 0,
+ properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
skiplock => get_standard_option('skiplock'),
proxyto => 'node',
protected => 1, # qemu pid files are only readable by root
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
node => get_standard_option('pve-node'),
user => 'all',
},
parameters => {
- additionalProperties => 0,
+ additionalProperties => 0,
properties => {
vmid => get_standard_option('pve-vmid'),
node => get_standard_option('pve-node'),
},
},
- returns => { type => 'null'},
+ returns => {
+ type => 'string',
+ description => "the task ID.",
+ },
code => sub {
my ($param) = @_;
my $disk = extract_param($param, 'disk');
- my $updatefn = sub {
-
+ my $load_and_check = sub {
my $conf = PVE::QemuConfig->load_config($vmid);
PVE::QemuConfig->check_lock($conf);
die "you can't convert a VM to template if VM is running\n"
if PVE::QemuServer::check_running($vmid);
- my $realcmd = sub {
- PVE::QemuServer::template_create($vmid, $conf, $disk);
- };
+ return $conf;
+ };
- $conf->{template} = 1;
- PVE::QemuConfig->write_config($vmid, $conf);
+ $load_and_check->();
+
+ my $realcmd = sub {
+ PVE::QemuConfig->lock_config($vmid, sub {
+ my $conf = $load_and_check->();
- return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
+ $conf->{template} = 1;
+ PVE::QemuConfig->write_config($vmid, $conf);
+
+ PVE::QemuServer::template_create($vmid, $conf, $disk);
+ });
};
- PVE::QemuConfig->lock_config($vmid, $updatefn);
- return;
+ return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
}});
__PACKAGE__->register_method({