X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=PVE%2FAPI2%2FQemu.pm;h=c566c4d8d2a153c3371d1031ea89e3f6480dfad4;hb=dd32a4664f3f13fc5bf2490b796e8b27f98e0156;hp=34a5d5d906ad37569d2947df2d8bd133a2c172ed;hpb=f90912016ab521a4145c2b63d72b4591d75ecf4b;p=qemu-server.git diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 34a5d5d..c566c4d 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -5,6 +5,8 @@ use warnings; use Cwd 'abs_path'; use Net::SSLeay; use UUID; +use POSIX; +use IO::Socket::IP; use PVE::Cluster qw (cfs_read_file cfs_write_file);; use PVE::SafeSyslog; @@ -22,8 +24,15 @@ use PVE::INotify; use PVE::Network; use PVE::Firewall; use PVE::API2::Firewall::VM; -use PVE::HA::Env::PVE2; -use PVE::HA::Config; + +BEGIN { + if (!$ENV{PVE_GENERATING_DOCS}) { + require PVE::HA::Env::PVE2; + import PVE::HA::Env::PVE2; + require PVE::HA::Config; + import PVE::HA::Config; + } +} use Data::Dumper; # fixme: remove @@ -60,7 +69,7 @@ my $check_storage_access = sub { die "no storage ID specified (and no default storage)\n" if !$storeid; $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']); } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid); } }); }; @@ -110,7 +119,8 @@ my $create_disks = sub { my $vollist = []; my $res = {}; - PVE::QemuServer::foreach_drive($settings, sub { + + my $code = sub { my ($ds, $disk) = @_; my $volid = $disk->{file}; @@ -118,7 +128,7 @@ my $create_disks = sub { if (!$volid || $volid eq 'none' || $volid eq 'cdrom') { delete $disk->{size}; $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); - } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) { + } elsif ($volid =~ m!^(([^/:\s]+):)?(\d+(\.\d+)?)$!) { my ($storeid, $size) = ($2 || $default_storage, $3); die "no storage ID specified (and no default storage)\n" if !$storeid; my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid); 
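Review bot: The BEGIN block added in the hunk at @@ -22,8 +24,15 uses indirect object syntax (`import PVE::HA::Env::PVE2;`), which Perl parses ambiguously; `PVE::HA::Env::PVE2->import();` and `PVE::HA::Config->import();` are the unambiguous form. The block also has no comment on why an environment variable may skip loading the HA modules; something like `# doc generation runs without the HA stack installed, so skip loading it` would help, if that is the reason. Code later in this file still calls `PVE::HA::Config::vm_is_ha_managed`, so a process that inherits `PVE_GENERATING_DOCS` fails at that call rather than at load time.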
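Review bot: The tightened pattern in the hunk at @@ -118,7 +128,7 has no comment saying why `/` is now excluded from the storage ID part, so the next reader cannot tell which input it is meant to reject. A line such as `# "STORAGE:SIZE" allocates a new volume; a "/" before the colon means a path, not a storage ID` above the `elsif` would record that, if that is the intent. The pattern is anchored with `^`/`$`, so a value with a trailing newline still matches; `\A` and `\z` would make the match exact. The `$create_disks` closure starts and ends outside this hunk.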
@@ -157,7 +167,7 @@ my $create_disks = sub { $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid); my $volid_is_new = 1; @@ -181,7 +191,9 @@ my $create_disks = sub { $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); } - }); + }; + + eval { PVE::QemuServer::foreach_drive($settings, $code); }; # free allocated images on error if (my $err = $@) { @@ -474,7 +486,7 @@ __PACKAGE__->register_method({ die "pipe requires cli environment\n" if $rpcenv->{type} ne 'cli'; } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive); $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive); } } @@ -614,6 +626,7 @@ __PACKAGE__->register_method({ { subdir => 'rrd' }, { subdir => 'rrddata' }, { subdir => 'monitor' }, + { subdir => 'agent' }, { subdir => 'snapshot' }, { subdir => 'spiceproxy' }, { subdir => 'sendkey' }, @@ -997,6 +1010,12 @@ my $update_vm_api = sub { foreach my $opt (@delete) { $modified->{$opt} = 1; $conf = PVE::QemuConfig->load_config($vmid); # update/reload + if (!defined($conf->{$opt})) { + warn "cannot delete '$opt' - not set in current configuration!\n"; + $modified->{$opt} = 0; + next; + } + if ($opt =~ m/^unused/) { my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt}); PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'"); 
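Review bot: In the hunk at @@ -997,6 +1010,12 the new early exit sets `$modified->{$opt} = 0` right after the line above set it to 1, which leaves the key present with a false value. Any consumer that walks `keys %$modified` instead of testing the value would still treat the option as changed; no such consumer is visible here, so this is a guess. Moving `$modified->{$opt} = 1;` below the new `if` block, or using `delete $modified->{$opt};`, avoids the set-then-reset. The enclosing `$update_vm_api` closure extends beyond the hunk.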
@@ -1034,6 +1053,12 @@ my $update_vm_api = sub { if defined($conf->{pending}->{$opt}); &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}}); + } elsif ($opt eq "replicate") { + # check if all volumes have replicate feature + PVE::QemuConfig->get_replicatable_volumes($storecfg, $conf); + my $repl = PVE::JSONSchema::check_format('pve-replicate', $param->{opt}); + PVE::Cluster::check_node_exists($repl->{target}); + $conf->{$opt} = $param->{$opt}; } else { $conf->{pending}->{$opt} = $param->{$opt}; } 
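Review bot: The new `replicate` branch validates the wrong value: `PVE::JSONSchema::check_format('pve-replicate', $param->{opt})` reads the literal key `opt`, while the value stored two lines later is `$param->{$opt}`. Depending on how `check_format` handles an undefined value, the branch either fails for every request or stores a setting that neither the format check nor `check_node_exists($repl->{target})` ever saw. The line should read `my $repl = PVE::JSONSchema::check_format('pve-replicate', $param->{$opt});`. The branch also writes to `$conf` directly instead of `$conf->{pending}` as the `else` branch does; if that is deliberate, a comment saying so would help. The enclosing `$update_vm_api` closure starts and ends outside the hunk.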
@@ -1400,24 +1425,41 @@ __PACKAGE__->register_method({ $cmd = ['/usr/bin/vncterm', '-rfbport', $port, '-timeout', $timeout, '-authpath', $authpath, '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd]; + PVE::Tools::run_command($cmd); } else { $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy" - my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; - - my $qmstr = join(' ', @$qmcmd); - - # also redirect stderr (else we get RFB protocol errors) - $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"]; + $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; + + my $sock = IO::Socket::IP->new( + ReuseAddr => 1, + Listen => 1, + LocalPort => $port, + Proto => 'tcp', + GetAddrInfoFlags => 0, + ) or die "failed to create socket: $!\n"; + # Inside the worker we shouldn't have any previous alarms + # running anyway...: + alarm(0); + local $SIG{ALRM} = sub { die "connection timed out\n" }; + alarm $timeout; + accept(my $cli, $sock) or die "connection failed: $!\n"; + alarm(0); + close($sock); + if (PVE::Tools::run_command($cmd, + output => '>&'.fileno($cli), + input => '<&'.fileno($cli), + noerr => 1) != 0) + { + die "Failed to run vncproxy.\n"; + } } - PVE::Tools::run_command($cmd); - return; }; - my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); + my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1); PVE::Tools::wait_for_vnc_port($port); @@ -1636,12 +1678,16 @@ __PACKAGE__->register_method({ optional => 1, }, migration_network => { - type => 'string', - format => 'CIDR', + type => 'string', format => 'CIDR', description => "CIDR of the (sub) network that is used for migration.", optional => 1, }, machine => get_standard_option('pve-qm-machine'), + targetstorage => { + description => "Target storage for the migration. (Can be '1' to use the same storage id as on the source node.)", + type => 'string', + optional => 1 + } }, }, returns => { 
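Review bot: The listener created in the hunk at @@ -1400,24 +1425,41 sets no `LocalAddr`/`LocalHost`, so it is bound on every address of the node, and `accept` hands the `qm vncproxy` stream to the first peer that connects within `$timeout`. That matches what the removed `nc6 -l -p` did, but it deserves a comment stating where access control actually happens, for example `# listens on all addresses; the peer is authenticated by the VNC ticket, not here` (my reading of the design, please confirm). On the failure path of `accept` the alarm is still armed when `die` runs; calling `alarm(0)` before that `die` keeps the timer from firing during cleanup. The new fifth argument `1` to `fork_worker` is unexplained and would benefit from a short comment.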
@@ -1680,6 +1726,13 @@ __PACKAGE__->register_method({ raise_param_exc({ migration_network => "Only root may use this option." }) if $migration_network && $authuser ne 'root@pam'; + my $targetstorage = extract_param($param, 'targetstorage'); + raise_param_exc({ targetstorage => "Only root may use this option." }) + if $targetstorage && $authuser ne 'root@pam'; + + raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." }) + if $targetstorage && !$migratedfrom; + # read spice ticket from STDIN my $spice_ticket; if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) { @@ -1701,7 +1754,7 @@ __PACKAGE__->register_method({ my $service = "vm:$vmid"; - my $cmd = ['ha-manager', 'enable', $service]; + my $cmd = ['ha-manager', 'set', $service, '--state', 'started']; print "Executing HA start for VM $vmid\n"; @@ -1720,7 +1773,7 @@ __PACKAGE__->register_method({ syslog('info', "start VM $vmid: $upid\n"); PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, - $machine, $spice_ticket, $migration_network, $migration_type); + $machine, $spice_ticket, $migration_network, $migration_type, $targetstorage); return; }; @@ -1798,7 +1851,7 @@ __PACKAGE__->register_method({ my $service = "vm:$vmid"; - my $cmd = ['ha-manager', 'disable', $service]; + my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped']; print "Executing HA stop for VM $vmid\n"; 
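Review bot: Both new `targetstorage` checks in the hunk at @@ -1680,6 +1726,13 test the value for truth, so the string `0` passes the root-only check and the `migratedfrom` check and is still handed to `PVE::QemuServer::vm_start` further down. Testing definedness in both conditions closes that gap: `if defined($targetstorage) && $authuser ne 'root@pam';` and `if defined($targetstorage) && !$migratedfrom;`. The schema added for this parameter earlier in the diff is a bare `type => 'string'` with no format or pattern, so these two lines are the only validation visible here. The second message has a typo: "can only by used" should read "can only be used".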
@@ -1960,18 +2013,40 @@ __PACKAGE__->register_method({ } } - my $realcmd = sub { - my $upid = shift; + if (PVE::HA::Config::vm_is_ha_managed($vmid) && + ($rpcenv->{type} ne 'ha')) { - syslog('info', "shutdown VM $vmid: $upid\n"); + my $hacmd = sub { + my $upid = shift; - PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout}, - $shutdown, $param->{forceStop}, $keepActive); + my $service = "vm:$vmid"; - return; - }; + my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped']; + + print "Executing HA stop for VM $vmid\n"; - return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd); + PVE::Tools::run_command($cmd); + + return; + }; + + return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd); + + } else { + + my $realcmd = sub { + my $upid = shift; + + syslog('info', "shutdown VM $vmid: $upid\n"); + + PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout}, + $shutdown, $param->{forceStop}, $keepActive); + + return; + }; + + return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd); + } }}); __PACKAGE__->register_method({ @@ -2421,21 +2496,28 @@ __PACKAGE__->register_method({ my $upid = shift; my $newvollist = []; + my $jobs = {}; eval { local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; }; PVE::Storage::activate_volumes($storecfg, $vollist, $snapname); + my $total_jobs = scalar(keys %{$drives}); + my $i = 1; + foreach my $opt (keys %$drives) { my $drive = $drives->{$opt}; + my $skipcomplete = ($total_jobs != $i); # finish after last drive my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname, - $newid, $storage, $format, $fullclone->{$opt}, $newvollist); + $newid, $storage, $format, $fullclone->{$opt}, $newvollist, + $jobs, $skipcomplete, $oldconf->{agent}); $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive); PVE::QemuConfig->write_config($newid, $newconf); + $i++; } delete $newconf->{lock}; 
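Review bot: For an HA-managed VM the new branch in the hunk at @@ -1960,18 +2013,40 runs `ha-manager set vm:$vmid --state stopped` and drops the caller's `timeout`, `forceStop`, `keepActive` and `skiplock` without any message. A caller who asked for a bounded graceful shutdown gets whatever the HA stack does instead; either document this in the method description or print a line such as `print "shutdown parameters are ignored for HA managed VMs\n";` inside `$hacmd`. The `$hacmd` closure repeats the command and message shown for the stop method in the hunk at @@ -1798,7 +1851,7, so a shared helper would keep the two from drifting apart.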
@@ -2456,6 +2538,8 @@ __PACKAGE__->register_method({ if (my $err = $@) { unlink $conffile; + eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) }; + sleep 1; # some storage like rbd need to wait before release volume - really? foreach my $volid (@$newvollist) { @@ -2488,17 +2572,15 @@ __PACKAGE__->register_method({ proxyto => 'node', description => "Move volume to different storage.", permissions => { - description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " . - "and 'Datastore.AllocateSpace' permissions on the storage.", - check => - [ 'and', - ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]], - ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]], - ], + description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, and 'Datastore.AllocateSpace' permissions on the storage.", + check => [ 'and', + ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]], + ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]], + ], }, parameters => { additionalProperties => 0, - properties => { + properties => { node => get_standard_option('pve-node'), vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), disk => { @@ -2609,6 +2691,10 @@ __PACKAGE__->register_method({ PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete}; + # convert moved disk to base if part of template + PVE::QemuServer::template_create($vmid, $conf, $disk) + if PVE::QemuConfig->is_template($conf); + PVE::QemuConfig->write_config($vmid, $conf); eval { 
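Review bot: The cleanup added in the hunk at @@ -2456,6 +2538,8 wraps `qemu_blockjobs_cancel` in `eval` and then discards `$@`, so a failed cancel leaves no trace in the task log while the code goes on to iterate over the newly created volumes. Report the failure instead of dropping it: `eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) }; warn $@ if $@;`. The original error is already copied into `$err` before this point, so the inner `eval` does not lose it.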
@@ -2674,17 +2760,24 @@ __PACKAGE__->register_method({ migration_type => { type => 'string', enum => ['secure', 'insecure'], - description => "Migration traffic is encrypted using an SSH " . - "tunnel by default. On secure, completely private networks " . - "this can be disabled to increase performance.", + description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.", optional => 1, }, migration_network => { - type => 'string', - format => 'CIDR', + type => 'string', format => 'CIDR', description => "CIDR of the (sub) network that is used for migration.", optional => 1, }, + "with-local-disks" => { + type => 'boolean', + description => "Enable live storage migration for local disk", + optional => 1, + }, + targetstorage => get_standard_option('pve-storage-id', { + description => "Default target storage.", + optional => 1, + completion => \&PVE::QemuServer::complete_storage, + }), }, }, returns => { @@ -2711,6 +2804,9 @@ __PACKAGE__->register_method({ my $vmid = extract_param($param, 'vmid'); + raise_param_exc({ targetstorage => "Live storage migration can only be done online." }) + if !$param->{online} && $param->{targetstorage}; + raise_param_exc({ force => "Only root may use this option." }) if $param->{force} && $authuser ne 'root@pam'; @@ -2734,7 +2830,12 @@ __PACKAGE__->register_method({ } my $storecfg = PVE::Storage::config(); - PVE::QemuServer::check_storage_availability($storecfg, $conf, $target); + + if( $param->{targetstorage}) { + PVE::Storage::storage_check_node($storecfg, $param->{targetstorage}, $target); + } else { + PVE::QemuServer::check_storage_availability($storecfg, $conf, $target); + } if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { 
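Review bot: When `targetstorage` is given, the hunk at @@ -2734,7 +2830,12 only calls `storage_check_node` and never checks that `$authuser` may allocate space on that storage. Elsewhere in this file allocation is gated with `$rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace'])`, and the move-disk method lists the same privilege in its `permissions` block. Unless the `permissions` of this method (outside the hunk) already cover it, add `$rpcenv->check($authuser, "/storage/$param->{targetstorage}", ['Datastore.AllocateSpace']);` before the node check. The `targetstorage` branch also skips `check_storage_availability` entirely, so volumes that are not moved are no longer verified on `$target`; please confirm that is intended.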
@@ -2775,7 +2876,8 @@ __PACKAGE__->register_method({ proxyto => 'node', description => "Execute Qemu monitor commands.", permissions => { - check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], + description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')", + check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], }, parameters => { additionalProperties => 0, @@ -2792,6 +2894,18 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my $is_ro = sub { + my $command = shift; + return $command =~ m/^\s*info(\s+|$)/ + || $command =~ m/^\s*help\s*$/; + }; + + $rpcenv->check_full($authuser, "/", ['Sys.Modify']) + if !&$is_ro($param->{command}); + my $vmid = $param->{vmid}; my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists 
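Review bot: The `$is_ro` classifier in the hunk at @@ -2792,6 +2894,18 decides from the start of the string only, and `$` also matches before a trailing newline, so `info` followed by any text, including embedded line breaks, is treated as read-only and skips the `Sys.Modify` check. Whether a multi-line string reaches the monitor as more than one command is not visible here, but rejecting it up front is cheap: `die "invalid command\n" if $param->{command} =~ m/[\r\n]/;`, together with `\A`/`\z` in place of `^`/`$`. The `permissions` block still lists only `VM.Monitor` in `check`, so the stricter requirement lives only in the free-text description and in this code; a comment above the `check_full` call saying so would keep the two from being separated later.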
@@ -2805,6 +2919,70 @@ __PACKAGE__->register_method({ return $res; }}); +my $guest_agent_commands = [ + 'ping', + 'get-time', + 'info', + 'fsfreeze-status', + 'fsfreeze-freeze', + 'fsfreeze-thaw', + 'fstrim', + 'network-get-interfaces', + 'get-vcpus', + 'get-fsinfo', + 'get-memory-blocks', + 'get-memory-block-info', + 'suspend-hybrid', + 'suspend-ram', + 'suspend-disk', + 'shutdown', + ]; + +__PACKAGE__->register_method({ + name => 'agent', + path => '{vmid}/agent', + method => 'POST', + protected => 1, + proxyto => 'node', + description => "Execute Qemu Guest Agent commands.", + permissions => { + check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], + }, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + vmid => get_standard_option('pve-vmid', { + completion => \&PVE::QemuServer::complete_vmid_running }), + command => { + type => 'string', + description => "The QGA command.", + enum => $guest_agent_commands, + }, + }, + }, + returns => { + type => 'object', + description => "Returns an object with a single `result` property. The type of that +property depends on the executed command.", + }, + code => sub { + my ($param) = @_; + + my $vmid = $param->{vmid}; + + my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists + + die "No Qemu Guest Agent\n" if !defined($conf->{agent}); + die "VM $vmid is not running\n" if !PVE::QemuServer::check_running($vmid); + + my $cmd = $param->{command}; + + my $res = PVE::QemuServer::vm_mon_cmd($vmid, "guest-$cmd"); + + return { result => $res }; + }}); + __PACKAGE__->register_method({ name => 'resize_vm', path => '{vmid}/resize', 
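Review bot: The new `agent` method lets any user with `VM.Monitor` on the VM run every entry in `$guest_agent_commands`, and that list includes state-changing commands: `shutdown`, the three `suspend-*` commands, `fsfreeze-freeze`, `fsfreeze-thaw` and `fstrim`. This is inconsistent with the monitor method changed in the same commit, which now demands `Sys.Modify` for anything that is not read-only, and it lets a monitoring-only account power off or freeze a guest. I would keep a separate set of modifying commands and require an additional privilege for them before the command is sent; the sketch below uses `VM.PowerMgmt`, but which privilege fits each command is for the maintainers to decide. At minimum the `permissions` description should state the intended model.

```perl
# commands that change guest state; VM.Monitor alone should not allow these
my $guest_agent_modifying = {
    map { $_ => 1 } qw(
	fsfreeze-freeze fsfreeze-thaw fstrim
	suspend-hybrid suspend-ram suspend-disk shutdown
    )
};

# … unchanged: register_method header, permissions, parameters, returns …
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();
	my $authuser = $rpcenv->get_user();

	my $vmid = $param->{vmid};

	$rpcenv->check($authuser, "/vms/$vmid", ['VM.PowerMgmt'])
	    if $guest_agent_modifying->{$param->{command}};

	# … unchanged: config load, agent/running checks, vm_mon_cmd call …
```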
@@ -2829,7 +3007,7 @@ __PACKAGE__->register_method({ size => { type => 'string', pattern => '\+?\d+(\.\d+)?[KMGT]?', - description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.", + description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.", }, digest => { type => 'string', @@ -2910,7 +3088,7 @@ __PACKAGE__->register_method({ $newsize += $size if $ext; $newsize = int($newsize); - die "unable to skrink disk size\n" if $newsize < $size; + die "shrinking disks is not supported\n" if $newsize < $size; return if $size == $newsize;