use PVE::AccessControl;
use PVE::INotify;
use PVE::Network;
+use PVE::API2::Firewall::VM;
use Data::Dumper; # fixme: remove
{ subdir => 'snapshot' },
{ subdir => 'spiceproxy' },
{ subdir => 'sendkey' },
+ { subdir => 'firewall' },
];
return $res;
}});
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::VM",
+ path => '{vmid}/firewall',
+});
+
__PACKAGE__->register_method({
name => 'rrd',
path => '{vmid}/rrd',
PVE::Network::tap_rate_limit($iface, $newnet->{rate});
}
- if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag})){
- eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag});};
- PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag});
+ if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
+ PVE::Network::tap_unplug($iface);
+ PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
}
}else{
properties => {
node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'),
+ websocket => {
+ optional => 1,
+ type => 'boolean',
+ description => "starts websockify instead of vncproxy",
+ },
},
},
returns => {
my $vmid = $param->{vmid};
my $node = $param->{node};
+ my $websocket = $param->{websocket};
my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
$remip = PVE::Cluster::remote_node_ip($node);
- # NOTE: kvm VNC traffic is already TLS encrypted
+ # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
$remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
}
if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
+ die "Websocket mode is not supported in vga serial mode!" if $websocket;
+
my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
#my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
$cmd = ['/usr/bin/vncterm', '-rfbport', $port,
# also redirect stderr (else we get RFB protocol errors)
$cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
+
+ if ($websocket) {
+ $ENV{LC_PVE_TICKET} = $ticket;
+ $cmd = ["/usr/share/novnc-pve/utils/wsproxy.py", '--run-once', "--timeout=$timeout", "--idle-timeout=$timeout", '--ssl-only', '--cert', '/etc/pve/local/pve-ssl.pem', '--key', '/etc/pve/local/pve-ssl.key', $port, '--', @$cmd];
+ }
}
PVE::Tools::run_command($cmd);
my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
my $path = PVE::Storage::path($storecfg, $old_volid);
if ($used_paths->{$path}){
- warn "volume $old_volid have snapshots. Can't delete it";
+ warn "volume $old_volid have snapshots. Can't delete it\n";
PVE::QemuServer::add_unused_volume($conf, $old_volid);
PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
} else {