X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=PVE%2FAPI2%2FQemu.pm;h=c566c4d8d2a153c3371d1031ea89e3f6480dfad4;hb=dd32a4664f3f13fc5bf2490b796e8b27f98e0156;hp=c0a6bc3106aeafa1fef915b4178d60a516027adf;hpb=d483fa010caed1fc1bd05e68086586ffe6382dc2;p=qemu-server.git diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index c0a6bc3..c566c4d 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -5,6 +5,8 @@ use warnings; use Cwd 'abs_path'; use Net::SSLeay; use UUID; +use POSIX; +use IO::Socket::IP; use PVE::Cluster qw (cfs_read_file cfs_write_file);; use PVE::SafeSyslog; @@ -13,14 +15,24 @@ use PVE::Exception qw(raise raise_param_exc raise_perm_exc); use PVE::Storage; use PVE::JSONSchema qw(get_standard_option); use PVE::RESTHandler; +use PVE::QemuConfig; use PVE::QemuServer; use PVE::QemuMigrate; use PVE::RPCEnvironment; use PVE::AccessControl; use PVE::INotify; use PVE::Network; +use PVE::Firewall; use PVE::API2::Firewall::VM; -use PVE::HA::Config; + +BEGIN { + if (!$ENV{PVE_GENERATING_DOCS}) { + require PVE::HA::Env::PVE2; + import PVE::HA::Env::PVE2; + require PVE::HA::Config; + import PVE::HA::Config; + } +} use Data::Dumper; # fixme: remove @@ -38,22 +50,6 @@ my $resolve_cdrom_alias = sub { } }; -my $test_deallocate_drive = sub { - my ($storecfg, $vmid, $key, $drive, $force) = @_; - - if (!PVE::QemuServer::drive_is_cdrom($drive)) { - my $volid = $drive->{file}; - if ( PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) { - if ($force || $key =~ m/^unused/) { - my $sid = PVE::Storage::parse_volume_id($volid); - return $sid; - } - } - } - - return undef; -}; - my $check_storage_access = sub { my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_; @@ -73,7 +69,7 @@ my $check_storage_access = sub { die "no storage ID specified (and no default storage)\n" if !$storeid; $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']); } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid); } }); }; @@ -123,7 +119,8 @@ my $create_disks = sub { my $vollist = []; my $res = {}; - PVE::QemuServer::foreach_drive($settings, sub { + + my $code = sub { my ($ds, $disk) = @_; my $volid = $disk->{file}; @@ -131,21 +128,46 @@ my $create_disks = sub { if (!$volid || $volid eq 'none' || $volid eq 'cdrom') { delete $disk->{size}; $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); - } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) { + } elsif ($volid =~ m!^(([^/:\s]+):)?(\d+(\.\d+)?)$!) { my ($storeid, $size) = ($2 || $default_storage, $3); die "no storage ID specified (and no default storage)\n" if !$storeid; my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid); my $fmt = $disk->{format} || $defformat; - my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, - $fmt, undef, $size*1024*1024); - $disk->{file} = $volid; - $disk->{size} = $size*1024*1024*1024; + + my $volid; + if ($ds eq 'efidisk0') { + # handle efidisk + my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd'; + die "uefi vars image not found\n" if ! -f $ovmfvars; + $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, + $fmt, undef, 128); + $disk->{file} = $volid; + $disk->{size} = 128*1024; + my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid); + my $scfg = PVE::Storage::storage_config($storecfg, $storeid); + my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname); + my $path = PVE::Storage::path($storecfg, $volid); + my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-n', '-f', 'raw', '-O', $qemufmt]; + push @$efidiskcmd, $ovmfvars; + push @$efidiskcmd, $path; + + PVE::Storage::activate_volumes($storecfg, [$volid]); + + eval { PVE::Tools::run_command($efidiskcmd); }; + my $err = $@; + die "Copying of EFI Vars image failed: $err" if $err; + } else { + $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, + $fmt, undef, $size*1024*1024); + $disk->{file} = $volid; + $disk->{size} = $size*1024*1024*1024; + } push @$vollist, $volid; delete $disk->{format}; # no longer needed $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid); my $volid_is_new = 1; @@ -169,7 +191,9 @@ my $create_disks = sub { $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk); } - }); + }; + + eval { PVE::QemuServer::foreach_drive($settings, $code); }; # free allocated images on error if (my $err = $@) { @@ -189,32 +213,62 @@ my $create_disks = sub { return $vollist; }; -my $delete_drive = sub { - my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_; +my $cpuoptions = { + 'cores' => 1, + 'cpu' => 1, + 'cpulimit' => 1, + 'cpuunits' => 1, + 'numa' => 1, + 'smp' => 1, + 'sockets' => 1, + 'vcpus' => 1, +}; - if (!PVE::QemuServer::drive_is_cdrom($drive)) { - my $volid = $drive->{file}; +my $memoryoptions = { + 'memory' => 1, + 'balloon' => 1, + 'shares' => 1, +}; - if (PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) { - if ($force || $key =~ m/^unused/) { - eval { - # check if the disk is really unused - my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key); - my $path = PVE::Storage::path($storecfg, $volid); +my $hwtypeoptions = { + 'acpi' => 1, + 'hotplug' => 1, + 'kvm' => 1, + 'machine' => 1, + 'scsihw' => 1, + 'smbios1' => 1, + 'tablet' => 1, + 'vga' => 1, + 'watchdog' => 1, +}; - die "unable to delete '$volid' - volume is still in use (snapshot?)\n" - if $used_paths->{$path}; +my $generaloptions = { + 'agent' => 1, + 'autostart' => 1, + 'bios' => 1, + 'description' => 1, + 'keyboard' => 1, + 'localtime' => 1, + 'migrate_downtime' => 1, + 'migrate_speed' => 1, + 'name' => 1, + 'onboot' => 1, + 'ostype' => 1, + 'protection' => 1, + 'reboot' => 1, + 'startdate' => 1, + 'startup' => 1, + 'tdf' => 1, + 'template' => 1, +}; - PVE::Storage::vdisk_free($storecfg, $volid); - }; - die $@ if $@; - } else { - PVE::QemuServer::add_unused_volume($conf, $volid, $vmid); - } - } - } +my $vmpoweroptions = { + 'freeze' => 1, +}; - delete $conf->{$key}; +my $diskoptions = { + 'boot' => 1, + 'bootdisk' => 1, }; my $check_vm_modify_config_perm = sub { @@ -224,25 +278,32 @@ my $check_vm_modify_config_perm = sub { foreach my $opt (@$key_list) { # disk checks need to be done somewhere else - next if PVE::QemuServer::valid_drivename($opt); + next if PVE::QemuServer::is_valid_drivename($opt); + next if $opt eq 'cdrom'; + next if $opt =~ m/^unused\d+$/; - if ($opt eq 'sockets' || $opt eq 'cores' || - $opt eq 'cpu' || $opt eq 'smp' || $opt eq 'vcpus' || - $opt eq 'cpulimit' || $opt eq 'cpuunits') { + if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) { $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']); - } elsif ($opt eq 'boot' || $opt eq 'bootdisk') { - $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']); - } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') { + } elsif ($memoryoptions->{$opt}) { $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']); - } elsif ($opt eq 'args' || $opt eq 'lock') { - die "only root can set '$opt' config\n"; - } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' || - $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') { + } elsif ($hwtypeoptions->{$opt}) { $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']); + } elsif ($generaloptions->{$opt}) { + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']); + # special case for startup since it changes host behaviour + if ($opt eq 'startup') { + $rpcenv->check_full($authuser, "/", ['Sys.Modify']); + } + } elsif ($vmpoweroptions->{$opt}) { + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']); + } elsif ($diskoptions->{$opt}) { + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']); } elsif ($opt =~ m/^net\d+$/) { $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']); } else { - $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']); + # catches usb\d+, hostpci\d+, args, lock, etc. + # new options will be checked here + die "only root can set '$opt' config\n"; } } @@ -264,6 +325,11 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), + full => { + type => 'boolean', + optional => 1, + description => "Determine the full status of active VMs.", + }, }, }, returns => { @@ -280,7 +346,7 @@ __PACKAGE__->register_method({ my $rpcenv = PVE::RPCEnvironment::get(); my $authuser = $rpcenv->get_user(); - my $vmstatus = PVE::QemuServer::vmstatus(); + my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full}); my $res = []; foreach my $vmid (keys %$vmstatus) { @@ -314,16 +380,18 @@ __PACKAGE__->register_method({ properties => PVE::QemuServer::json_config_properties( { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }), archive => { description => "The backup file.", type => 'string', optional => 1, maxLength => 255, + completion => \&PVE::QemuServer::complete_backup_archives, }, storage => get_standard_option('pve-storage-id', { description => "Default storage.", optional => 1, + completion => \&PVE::QemuServer::complete_storage, }), force => { optional => 1, @@ -368,7 +436,7 @@ __PACKAGE__->register_method({ my $pool = extract_param($param, 'pool'); - my $filename = PVE::QemuServer::config_file($vmid); + my $filename = PVE::QemuConfig->config_file($vmid); my $storecfg = PVE::Storage::config(); @@ -400,7 +468,7 @@ __PACKAGE__->register_method({ &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]); foreach my $opt (keys %$param) { - if (PVE::QemuServer::valid_drivename($opt)) { + if (PVE::QemuServer::is_valid_drivename($opt)) { my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt}); raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive; @@ -418,20 +486,32 @@ __PACKAGE__->register_method({ die "pipe requires cli environment\n" if $rpcenv->{type} ne 'cli'; } else { - $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive); + PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive); $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive); } } my $restorefn = sub { + my $vmlist = PVE::Cluster::get_vmlist(); + if ($vmlist->{ids}->{$vmid}) { + my $current_node = $vmlist->{ids}->{$vmid}->{node}; + if ($current_node eq $node) { + my $conf = PVE::QemuConfig->load_config($vmid); + + PVE::QemuConfig->check_protection($conf, "unable to restore VM $vmid"); + + die "unable to restore vm $vmid - config file already exists\n" + if !$force; + + die "unable to restore vm $vmid - vm is running\n" + if PVE::QemuServer::check_running($vmid); - # fixme: this test does not work if VM exists on other node! - if (-f $filename) { - die "unable to restore vm $vmid: config file already exists\n" - if !$force; + die "unable to restore vm $vmid - vm is a template\n" + if PVE::QemuConfig->is_template($conf); - die "unable to restore vm $vmid: vm is running\n" - if PVE::QemuServer::check_running($vmid); + } else { + die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n"; + } } my $realcmd = sub { @@ -449,8 +529,7 @@ __PACKAGE__->register_method({ my $createfn = sub { # test after locking - die "unable to create vm $vmid: config file already exists\n" - if -f $filename; + PVE::Cluster::check_vmid_unused($vmid); my $realcmd = sub { @@ -463,7 +542,7 @@ __PACKAGE__->register_method({ $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage); # try to be smart about bootdisk - my @disks = PVE::QemuServer::disknames(); + my @disks = PVE::QemuServer::valid_drive_names(); my $firstdisk; foreach my $ds (reverse @disks) { next if !$conf->{$ds}; @@ -484,7 +563,7 @@ __PACKAGE__->register_method({ $conf->{smbios1} = "uuid=$uuid_str"; } - PVE::QemuServer::update_config_nolock($vmid, $conf); + PVE::QemuConfig->write_config($vmid, $conf); }; my $err = $@; @@ -503,7 +582,7 @@ __PACKAGE__->register_method({ return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd); }; - return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn); + return PVE::QemuConfig->lock_config_full($vmid, 1, $archive ? $restorefn : $createfn); }}); __PACKAGE__->register_method({ @@ -547,6 +626,7 @@ __PACKAGE__->register_method({ { subdir => 'rrd' }, { subdir => 'rrddata' }, { subdir => 'monitor' }, + { subdir => 'agent' }, { subdir => 'snapshot' }, { subdir => 'spiceproxy' }, { subdir => 'sendkey' }, @@ -662,7 +742,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), current => { description => "Get current values (instead of pending values).", optional => 1, @@ -683,7 +763,7 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; - my $conf = PVE::QemuServer::load_config($param->{vmid}); + my $conf = PVE::QemuConfig->load_config($param->{vmid}); delete $conf->{snapshots}; @@ -694,7 +774,8 @@ __PACKAGE__->register_method({ next if ref($value); # just to be sure $conf->{$opt} = $value; } - foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) { + my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete}); + foreach my $opt (keys %$pending_delete_hash) { delete $conf->{$opt} if $conf->{$opt}; } } @@ -717,7 +798,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), }, }, returns => { @@ -740,8 +821,11 @@ __PACKAGE__->register_method({ optional => 1, }, delete => { - description => "Indicated a pending delete request.", - type => 'boolean', + description => "Indicates a pending delete request if present and not 0. " . + "The value 2 indicates a force-delete request.", + type => 'integer', + minimum => 0, + maximum => 2, optional => 1, }, }, @@ -750,12 +834,9 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; - my $conf = PVE::QemuServer::load_config($param->{vmid}); + my $conf = PVE::QemuConfig->load_config($param->{vmid}); - my $pending_delete_hash = {}; - foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) { - $pending_delete_hash->{$opt} = 1; - } + my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete}); my $res = []; @@ -764,7 +845,7 @@ __PACKAGE__->register_method({ my $item = { key => $opt }; $item->{value} = $conf->{$opt} if defined($conf->{$opt}); $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt}); - $item->{delete} = 1 if $pending_delete_hash->{$opt}; + $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt}; push @$res, $item; } @@ -777,10 +858,10 @@ __PACKAGE__->register_method({ push @$res, $item; } - foreach my $opt (PVE::Tools::split_list($conf->{pending}->{delete})) { + while (my ($opt, $force) = each %$pending_delete_hash) { next if $conf->{pending}->{$opt}; # just to be sure next if $conf->{$opt}; - my $item = { key => $opt, delete => 1}; + my $item = { key => $opt, delete => ($force ? 2 : 1)}; push @$res, $item; } @@ -872,9 +953,10 @@ my $update_vm_api = sub { } foreach my $opt (keys %$param) { - if (PVE::QemuServer::valid_drivename($opt)) { + if (PVE::QemuServer::is_valid_drivename($opt)) { # cleanup drive path my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt}); + raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive; PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive); $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive); } elsif ($opt =~ m/^net(\d+)$/) { @@ -892,12 +974,12 @@ my $update_vm_api = sub { my $updatefn = sub { - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); die "checksum missmatch (file change by other user?)\n" if $digest && $digest ne $conf->{digest}; - PVE::QemuServer::check_lock($conf) if !$skiplock; + PVE::QemuConfig->check_lock($conf) if !$skiplock; foreach my $opt (keys %$revert) { if (defined($conf->{$opt})) { @@ -927,33 +1009,40 @@ my $update_vm_api = sub { foreach my $opt (@delete) { $modified->{$opt} = 1; - $conf = PVE::QemuServer::load_config($vmid); # update/reload + $conf = PVE::QemuConfig->load_config($vmid); # update/reload + if (!defined($conf->{$opt})) { + warn "cannot delete '$opt' - not set in current configuration!\n"; + $modified->{$opt} = 0; + next; + } + if ($opt =~ m/^unused/) { - $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']); my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt}); - if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) { - $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']); - &$delete_drive($conf, $storecfg, $vmid, $opt, $drive); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'"); + $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']); + if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) { + delete $conf->{$opt}; + PVE::QemuConfig->write_config($vmid, $conf); } - } elsif (PVE::QemuServer::valid_drivename($opt)) { + } elsif (PVE::QemuServer::is_valid_drivename($opt)) { + PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'"); $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']); PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt})) if defined($conf->{pending}->{$opt}); - PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force); + PVE::QemuConfig->write_config($vmid, $conf); } else { - PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force); + PVE::QemuConfig->write_config($vmid, $conf); } } foreach my $opt (keys %$param) { # add/change $modified->{$opt} = 1; - $conf = PVE::QemuServer::load_config($vmid); # update/reload + $conf = PVE::QemuConfig->load_config($vmid); # update/reload next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed - if (PVE::QemuServer::valid_drivename($opt)) { + if (PVE::QemuServer::is_valid_drivename($opt)) { my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt}); if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']); @@ -964,17 +1053,23 @@ my $update_vm_api = sub { if defined($conf->{pending}->{$opt}); &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}}); + } elsif ($opt eq "replicate") { + # check if all volumes have replicate feature + PVE::QemuConfig->get_replicatable_volumes($storecfg, $conf); + my $repl = PVE::JSONSchema::check_format('pve-replicate', $param->{opt}); + PVE::Cluster::check_node_exists($repl->{target}); + $conf->{$opt} = $param->{$opt}; } else { $conf->{pending}->{$opt} = $param->{$opt}; } PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->write_config($vmid, $conf); } # remove pending changes when nothing changed - $conf = PVE::QemuServer::load_config($vmid); # update/reload + $conf = PVE::QemuConfig->load_config($vmid); # update/reload my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes; + PVE::QemuConfig->write_config($vmid, $conf) if $changes; return if !scalar(keys %{$conf->{pending}}); @@ -982,7 +1077,7 @@ my $update_vm_api = sub { # apply pending changes - $conf = PVE::QemuServer::load_config($vmid); # update/reload + $conf = PVE::QemuConfig->load_config($vmid); # update/reload if ($running) { my $errors = {}; @@ -1028,7 +1123,7 @@ my $update_vm_api = sub { } }; - return PVE::QemuServer::lock_config($vmid, $updatefn); + return PVE::QemuConfig->lock_config($vmid, $updatefn); }; my $vm_config_perm_list = [ @@ -1111,7 +1206,7 @@ __PACKAGE__->register_method({ properties => PVE::QemuServer::json_config_properties( { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), skiplock => get_standard_option('skiplock'), delete => { type => 'string', format => 'pve-configid-list', @@ -1160,7 +1255,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }), skiplock => get_standard_option('skiplock'), }, }, @@ -1181,20 +1276,18 @@ __PACKAGE__->register_method({ if $skiplock && $authuser ne 'root@pam'; # test if VM exists - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); my $storecfg = PVE::Storage::config(); - my $delVMfromPoolFn = sub { - my $usercfg = cfs_read_file("user.cfg"); - if (my $pool = $usercfg->{vms}->{$vmid}) { - if (my $data = $usercfg->{pools}->{$pool}) { - delete $data->{vms}->{$vmid}; - delete $usercfg->{vms}->{$vmid}; - cfs_write_file("user.cfg", $usercfg); - } - } - }; + PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid"); + + die "unable to remove VM $vmid - used in HA resources\n" + if PVE::HA::Config::vm_is_ha_managed($vmid); + + # early tests (repeat after locking) + die "VM $vmid is running - destroy failed\n" + if PVE::QemuServer::check_running($vmid); my $realcmd = sub { my $upid = shift; @@ -1203,7 +1296,9 @@ __PACKAGE__->register_method({ PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock); - PVE::AccessControl::remove_vm_from_pool($vmid); + PVE::AccessControl::remove_vm_access($vmid); + + PVE::Firewall::remove_vmfw_conf($vmid); }; return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd); @@ -1223,7 +1318,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), idlist => { type => 'string', format => 'pve-configid-list', description => "A list of disk IDs you want to delete.", @@ -1290,7 +1385,7 @@ __PACKAGE__->register_method({ my $node = $param->{node}; my $websocket = $param->{websocket}; - my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists + my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists my $authpath = "/vms/$vmid"; @@ -1299,17 +1394,19 @@ __PACKAGE__->register_method({ $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) if !$sslcert; - my $port = PVE::Tools::next_vnc_port(); - - my $remip; + my ($remip, $family); my $remcmd = []; if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { - $remip = PVE::Cluster::remote_node_ip($node); + ($remip, $family) = PVE::Cluster::remote_node_ip($node); # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip]; + } else { + $family = PVE::Tools::get_host_address_family($node); } + my $port = PVE::Tools::next_vnc_port($family); + my $timeout = 10; my $realcmd = sub { @@ -1328,24 +1425,41 @@ __PACKAGE__->register_method({ $cmd = ['/usr/bin/vncterm', '-rfbport', $port, '-timeout', $timeout, '-authpath', $authpath, '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd]; + PVE::Tools::run_command($cmd); } else { $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy" - my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; - - my $qmstr = join(' ', @$qmcmd); - - # also redirect stderr (else we get RFB protocol errors) - $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"]; + $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; + + my $sock = IO::Socket::IP->new( + ReuseAddr => 1, + Listen => 1, + LocalPort => $port, + Proto => 'tcp', + GetAddrInfoFlags => 0, + ) or die "failed to create socket: $!\n"; + # Inside the worker we shouldn't have any previous alarms + # running anyway...: + alarm(0); + local $SIG{ALRM} = sub { die "connection timed out\n" }; + alarm $timeout; + accept(my $cli, $sock) or die "connection failed: $!\n"; + alarm(0); + close($sock); + if (PVE::Tools::run_command($cmd, + output => '>&'.fileno($cli), + input => '<&'.fileno($cli), + noerr => 1) != 0) + { + die "Failed to run vncproxy.\n"; + } } - PVE::Tools::run_command($cmd); - return; }; - my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); + my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1); PVE::Tools::wait_for_vnc_port($port); @@ -1405,7 +1519,7 @@ __PACKAGE__->register_method({ PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); - my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ? + my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ? # Note: VNC ports are acessible from outside, so we do not gain any # security if we verify that $param->{port} belongs to VM $vmid. This @@ -1446,8 +1560,9 @@ __PACKAGE__->register_method({ my $node = $param->{node}; my $proxy = $param->{proxy}; - my $conf = PVE::QemuServer::load_config($vmid, $node); - my $title = "VM $vmid - $conf->{'name'}", + my $conf = PVE::QemuConfig->load_config($vmid, $node); + my $title = "VM $vmid"; + $title .= " - ". $conf->{name} if $conf->{name}; my $port = PVE::QemuServer::spice_port($vmid); @@ -1490,7 +1605,7 @@ __PACKAGE__->register_method({ my ($param) = @_; # test if VM exists - my $conf = PVE::QemuServer::load_config($param->{vmid}); + my $conf = PVE::QemuConfig->load_config($param->{vmid}); my $res = [ { subdir => 'current' }, @@ -1523,12 +1638,12 @@ __PACKAGE__->register_method({ my ($param) = @_; # test if VM exists - my $conf = PVE::QemuServer::load_config($param->{vmid}); + my $conf = PVE::QemuConfig->load_config($param->{vmid}); my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1); my $status = $vmstatus->{$param->{vmid}}; - $status->{ha} = PVE::HA::Config::vm_is_ha_managed($param->{vmid}); + $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}"); $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga}); @@ -1549,11 +1664,30 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_stopped }), skiplock => get_standard_option('skiplock'), stateuri => get_standard_option('pve-qm-stateuri'), migratedfrom => get_standard_option('pve-node',{ optional => 1 }), + migration_type => { + type => 'string', + enum => ['secure', 'insecure'], + description => "Migration traffic is encrypted using an SSH " . + "tunnel by default. On secure, completely private networks " . + "this can be disabled to increase performance.", + optional => 1, + }, + migration_network => { + type => 'string', format => 'CIDR', + description => "CIDR of the (sub) network that is used for migration.", + optional => 1, + }, machine => get_standard_option('pve-qm-machine'), + targetstorage => { + description => "Target storage for the migration. (Can be '1' to use the same storage id as on the source node.)", + type => 'string', + optional => 1 + } }, }, returns => { @@ -1584,6 +1718,21 @@ __PACKAGE__->register_method({ raise_param_exc({ migratedfrom => "Only root may use this option." }) if $migratedfrom && $authuser ne 'root@pam'; + my $migration_type = extract_param($param, 'migration_type'); + raise_param_exc({ migration_type => "Only root may use this option." }) + if $migration_type && $authuser ne 'root@pam'; + + my $migration_network = extract_param($param, 'migration_network'); + raise_param_exc({ migration_network => "Only root may use this option." }) + if $migration_network && $authuser ne 'root@pam'; + + my $targetstorage = extract_param($param, 'targetstorage'); + raise_param_exc({ targetstorage => "Only root may use this option." }) + if $targetstorage && $authuser ne 'root@pam'; + + raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." }) + if $targetstorage && !$migratedfrom; + # read spice ticket from STDIN my $spice_ticket; if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) { @@ -1593,6 +1742,8 @@ __PACKAGE__->register_method({ } } + PVE::Cluster::check_cfs_quorum(); + my $storecfg = PVE::Storage::config(); if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri && @@ -1603,7 +1754,7 @@ __PACKAGE__->register_method({ my $service = "vm:$vmid"; - my $cmd = ['ha-manager', 'enable', $service]; + my $cmd = ['ha-manager', 'set', $service, '--state', 'started']; print "Executing HA start for VM $vmid\n"; @@ -1622,7 +1773,7 @@ __PACKAGE__->register_method({ syslog('info', "start VM $vmid: $upid\n"); PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, - $machine, $spice_ticket); + $machine, $spice_ticket, $migration_network, $migration_type, $targetstorage); return; }; @@ -1637,7 +1788,8 @@ __PACKAGE__->register_method({ method => 'POST', protected => 1, proxyto => 'node', - description => "Stop virtual machine.", + description => "Stop virtual machine. The qemu process will exit immediately. This" . + "is akin to pulling the power plug of a running computer and may damage the VM data", permissions => { check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], }, @@ -1645,7 +1797,8 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), migratedfrom => get_standard_option('pve-node', { optional => 1 }), timeout => { @@ -1655,7 +1808,7 @@ __PACKAGE__->register_method({ optional => 1, }, keepActive => { - description => "Do not decativate storage volumes.", + description => "Do not deactivate storage volumes.", type => 'boolean', optional => 1, default => 0, @@ -1698,7 +1851,7 @@ __PACKAGE__->register_method({ my $service = "vm:$vmid"; - my $cmd = ['ha-manager', 'disable', $service]; + my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped']; print "Executing HA stop for VM $vmid\n"; @@ -1739,7 +1892,8 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), }, }, @@ -1780,7 +1934,8 @@ __PACKAGE__->register_method({ method => 'POST', protected => 1, proxyto => 'node', - description => "Shutdown virtual machine.", + description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." . + "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.", permissions => { check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]], }, @@ -1788,7 +1943,8 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), timeout => { description => "Wait maximal timeout seconds.", @@ -1803,7 +1959,7 @@ __PACKAGE__->register_method({ default => 0, }, keepActive => { - description => "Do not decativate storage volumes.", + description => "Do not deactivate storage volumes.", type => 'boolean', optional => 1, default => 0, @@ -1834,18 +1990,63 @@ __PACKAGE__->register_method({ my $storecfg = PVE::Storage::config(); - my $realcmd = sub { - my $upid = shift; + my $shutdown = 1; - syslog('info', "shutdown VM $vmid: $upid\n"); + # if vm is paused, do not shutdown (but stop if forceStop = 1) + # otherwise, we will infer a shutdown command, but run into the timeout, + # then when the vm is resumed, it will instantly shutdown + # + # checking the qmp status here to get feedback to the gui/cli/api + # and the status query should not take too long + my $qmpstatus; + eval { + $qmpstatus = PVE::QemuServer::vm_qmp_command($vmid, { execute => "query-status" }, 0); + }; + my $err = $@ if $@; - PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout}, - 1, $param->{forceStop}, $keepActive); + if (!$err && $qmpstatus->{status} eq "paused") { + if ($param->{forceStop}) { + warn "VM is paused - stop instead of shutdown\n"; + $shutdown = 0; + } else { + die "VM is paused - cannot shutdown\n"; + } + } - return; - }; + if (PVE::HA::Config::vm_is_ha_managed($vmid) && + ($rpcenv->{type} ne 'ha')) { + + my $hacmd = sub { + my $upid = shift; - return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd); + my $service = "vm:$vmid"; + + my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped']; + + print "Executing HA stop for VM $vmid\n"; + + PVE::Tools::run_command($cmd); + + return; + }; + + return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd); + + } else { + + my $realcmd = sub { + my $upid = shift; + + syslog('info', "shutdown VM $vmid: $upid\n"); + + PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout}, + $shutdown, $param->{forceStop}, $keepActive); + + return; + }; + + return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd); + } }}); __PACKAGE__->register_method({ @@ -1862,7 +2063,8 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), }, }, @@ -1913,8 +2115,11 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), + nocheck => { type => 'boolean', optional => 1 }, + }, }, returns => { @@ -1935,14 +2140,16 @@ __PACKAGE__->register_method({ raise_param_exc({ skiplock => "Only root may use this option." }) if $skiplock && $authuser ne 'root@pam'; - die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid); + my $nocheck = extract_param($param, 'nocheck'); + + die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck); my $realcmd = sub { my $upid = shift; syslog('info', "resume VM $vmid: $upid\n"); - PVE::QemuServer::vm_resume($vmid, $skiplock); + PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck); return; }; @@ -1964,7 +2171,8 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', + { completion => \&PVE::QemuServer::complete_vmid_running }), skiplock => get_standard_option('skiplock'), key => { description => "The key (qemu monitor encoding).", @@ -2041,7 +2249,7 @@ __PACKAGE__->register_method({ my $running = PVE::QemuServer::check_running($vmid); - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); if($snapname){ my $snap = $conf->{snapshots}->{$snapname}; @@ -2051,7 +2259,7 @@ __PACKAGE__->register_method({ my $storecfg = PVE::Storage::config(); my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg); - my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running); + my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running); return { hasFeature => $hasFeature, @@ -2083,7 +2291,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }), name => { optional => 1, @@ -2190,9 +2398,9 @@ __PACKAGE__->register_method({ # do all tests after lock # we also try to do all tests before we fork the worker - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); - PVE::QemuServer::check_lock($conf); + PVE::QemuConfig->check_lock($conf); my $verify_running = PVE::QemuServer::check_running($vmid) || 0; @@ -2207,13 +2415,14 @@ __PACKAGE__->register_method({ die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm; - my $conffile = PVE::QemuServer::config_file($newid); + my $conffile = PVE::QemuConfig->config_file($newid); die "unable to create VM $newid: config file already exists\n" if -f $conffile; my $newconf = { lock => 'clone' }; my $drives = {}; + my $fullclone = {}; my $vollist = []; foreach my $opt (keys %$oldconf) { @@ -2223,12 +2432,16 @@ __PACKAGE__->register_method({ next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' || $opt eq 'vmstate' || $opt eq 'snapstate'; + # no need to copy unused images, because VMID(owner) changes anyways + next if $opt =~ m/^unused\d+$/; + # always change MAC! address if ($opt =~ m/^net(\d+)$/) { my $net = PVE::QemuServer::parse_net($value); - $net->{macaddr} = PVE::Tools::random_ether_addr(); + my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); + $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix}); $newconf->{$opt} = PVE::QemuServer::print_net($net); - } elsif (PVE::QemuServer::valid_drivename($opt)) { + } elsif (PVE::QemuServer::is_valid_drivename($opt)) { my $drive = PVE::QemuServer::parse_drive($opt, $value); die "unable to parse drive options for '$opt'\n" if !$drive; if (PVE::QemuServer::drive_is_cdrom($drive)) { @@ -2237,7 +2450,7 @@ __PACKAGE__->register_method({ if ($param->{full}) { die "Full clone feature is not available" if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running); - $drive->{full} = 1; + $fullclone->{$opt} = 1; } else { # not full means clone instead of copy die "Linked clone feature is not available" @@ -2283,31 +2496,39 @@ __PACKAGE__->register_method({ my $upid = shift; my $newvollist = []; + my $jobs = {}; eval { local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; }; - PVE::Storage::activate_volumes($storecfg, $vollist); + PVE::Storage::activate_volumes($storecfg, $vollist, $snapname); + + my $total_jobs = scalar(keys %{$drives}); + my $i = 1; foreach my $opt (keys %$drives) { my $drive = $drives->{$opt}; + my $skipcomplete = ($total_jobs != $i); # finish after last drive my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname, - $newid, $storage, $format, $drive->{full}, $newvollist); + $newid, $storage, $format, $fullclone->{$opt}, $newvollist, + $jobs, $skipcomplete, $oldconf->{agent}); $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive); - PVE::QemuServer::update_config_nolock($newid, $newconf, 1); + PVE::QemuConfig->write_config($newid, $newconf); + $i++; } delete $newconf->{lock}; - PVE::QemuServer::update_config_nolock($newid, $newconf, 1); + PVE::QemuConfig->write_config($newid, $newconf); if ($target) { # always deactivate volumes - avoid lvm LVs to be active on several nodes - PVE::Storage::deactivate_volumes($storecfg, $vollist); + PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running; + PVE::Storage::deactivate_volumes($storecfg, $newvollist); - my $newconffile = PVE::QemuServer::config_file($newid, $target); + my $newconffile = PVE::QemuConfig->config_file($newid, $target); die "Failed to move config to node '$target' - rename failed: $!\n" if !rename($conffile, $newconffile); } @@ -2317,6 +2538,8 @@ __PACKAGE__->register_method({ if (my $err = $@) { unlink $conffile; + eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) }; + sleep 1; # some storage like rbd need to wait before release volume - really? foreach my $volid (@$newvollist) { @@ -2329,12 +2552,14 @@ __PACKAGE__->register_method({ return; }; + PVE::Firewall::clone_vmfw_conf($vmid, $newid); + return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd); }; - return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub { + return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub { # Aquire exclusive lock lock for $newid - return PVE::QemuServer::lock_config_full($newid, 1, $clonefn); + return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn); }); }}); @@ -2347,25 +2572,26 @@ __PACKAGE__->register_method({ proxyto => 'node', description => "Move volume to different storage.", permissions => { - description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " . - "and 'Datastore.AllocateSpace' permissions on the storage.", - check => - [ 'and', - ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]], - ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]], - ], + description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, and 'Datastore.AllocateSpace' permissions on the storage.", + check => [ 'and', + ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]], + ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]], + ], }, parameters => { additionalProperties => 0, - properties => { + properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), disk => { type => 'string', description => "The disk you want to move.", - enum => [ PVE::QemuServer::disknames() ], + enum => [ PVE::QemuServer::valid_drive_names() ], }, - storage => get_standard_option('pve-storage-id', { description => "Target Storage." }), + storage => get_standard_option('pve-storage-id', { + description => "Target storage.", + completion => \&PVE::QemuServer::complete_storage, + }), 'format' => { type => 'string', description => "Target Format.", @@ -2413,7 +2639,9 @@ __PACKAGE__->register_method({ my $updatefn = sub { - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); + + PVE::QemuConfig->check_lock($conf); die "checksum missmatch (file change by other user?)\n" if $digest && $digest ne $conf->{digest}; @@ -2435,6 +2663,11 @@ __PACKAGE__->register_method({ die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid && (!$format || !$oldfmt || $oldfmt eq $format); + # this only checks snapshots because $disk is passed! + my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid); + die "you can't move a disk with snapshots and delete the source\n" + if $snapshotted && $param->{delete}; + PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid"); my $running = PVE::QemuServer::check_running($vmid); @@ -2448,14 +2681,21 @@ __PACKAGE__->register_method({ eval { local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; }; + warn "moving disk with snapshots, snapshots will not be moved!\n" + if $snapshotted; + my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef, $vmid, $storeid, $format, 1, $newvollist); $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive); - PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete}; + PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete}; + + # convert moved disk to base if part of template + PVE::QemuServer::template_create($vmid, $conf, $disk) + if PVE::QemuConfig->is_template($conf); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->write_config($vmid, $conf); eval { # try to deactivate volumes - avoid lvm LVs to be active on several nodes @@ -2474,23 +2714,18 @@ __PACKAGE__->register_method({ } if ($param->{delete}) { - my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1); - my $path = PVE::Storage::path($storecfg, $old_volid); - if ($used_paths->{$path}){ - warn "volume $old_volid have snapshots. Can't delete it\n"; - PVE::QemuServer::add_unused_volume($conf, $old_volid); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); - } else { - eval { PVE::Storage::vdisk_free($storecfg, $old_volid); }; - warn $@ if $@; - } + eval { + PVE::Storage::deactivate_volumes($storecfg, [$old_volid]); + PVE::Storage::vdisk_free($storecfg, $old_volid); + }; + warn $@ if $@; } }; return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd); }; - return PVE::QemuServer::lock_config($vmid, $updatefn); + return PVE::QemuConfig->lock_config($vmid, $updatefn); }}); __PACKAGE__->register_method({ @@ -2507,8 +2742,11 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), - target => get_standard_option('pve-node', { description => "Target node." }), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), + target => get_standard_option('pve-node', { + description => "Target node.", + completion => \&PVE::Cluster::complete_migration_target, + }), online => { type => 'boolean', description => "Use online/live migration.", @@ -2519,6 +2757,27 @@ __PACKAGE__->register_method({ description => "Allow to migrate VMs which use local devices. Only root may use this option.", optional => 1, }, + migration_type => { + type => 'string', + enum => ['secure', 'insecure'], + description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.", + optional => 1, + }, + migration_network => { + type => 'string', format => 'CIDR', + description => "CIDR of the (sub) network that is used for migration.", + optional => 1, + }, + "with-local-disks" => { + type => 'boolean', + description => "Enable live storage migration for local disk", + optional => 1, + }, + targetstorage => get_standard_option('pve-storage-id', { + description => "Default target storage.", + optional => 1, + completion => \&PVE::QemuServer::complete_storage, + }), }, }, returns => { @@ -2545,15 +2804,25 @@ __PACKAGE__->register_method({ my $vmid = extract_param($param, 'vmid'); + raise_param_exc({ targetstorage => "Live storage migration can only be done online." }) + if !$param->{online} && $param->{targetstorage}; + raise_param_exc({ force => "Only root may use this option." }) if $param->{force} && $authuser ne 'root@pam'; + raise_param_exc({ migration_type => "Only root may use this option." }) + if $param->{migration_type} && $authuser ne 'root@pam'; + + # allow root only until better network permissions are available + raise_param_exc({ migration_network => "Only root may use this option." }) + if $param->{migration_network} && $authuser ne 'root@pam'; + # test if VM exists - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); # try to detect errors early - PVE::QemuServer::check_lock($conf); + PVE::QemuConfig->check_lock($conf); if (PVE::QemuServer::check_running($vmid)) { die "cant migrate running VM without --online\n" @@ -2561,7 +2830,12 @@ __PACKAGE__->register_method({ } my $storecfg = PVE::Storage::config(); - PVE::QemuServer::check_storage_availability($storecfg, $conf, $target); + + if( $param->{targetstorage}) { + PVE::Storage::storage_check_node($storecfg, $param->{targetstorage}, $target); + } else { + PVE::QemuServer::check_storage_availability($storecfg, $conf, $target); + } if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { @@ -2602,7 +2876,8 @@ __PACKAGE__->register_method({ proxyto => 'node', description => "Execute Qemu monitor commands.", permissions => { - check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], + description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')", + check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], }, parameters => { additionalProperties => 0, @@ -2619,9 +2894,21 @@ __PACKAGE__->register_method({ code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my $is_ro = sub { + my $command = shift; + return $command =~ m/^\s*info(\s+|$)/ + || $command =~ m/^\s*help\s*$/; + }; + + $rpcenv->check_full($authuser, "/", ['Sys.Modify']) + if !&$is_ro($param->{command}); + my $vmid = $param->{vmid}; - my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists + my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists my $res = ''; eval { @@ -2632,6 +2919,70 @@ __PACKAGE__->register_method({ return $res; }}); +my $guest_agent_commands = [ + 'ping', + 'get-time', + 'info', + 'fsfreeze-status', + 'fsfreeze-freeze', + 'fsfreeze-thaw', + 'fstrim', + 'network-get-interfaces', + 'get-vcpus', + 'get-fsinfo', + 'get-memory-blocks', + 'get-memory-block-info', + 'suspend-hybrid', + 'suspend-ram', + 'suspend-disk', + 'shutdown', + ]; + +__PACKAGE__->register_method({ + name => 'agent', + path => '{vmid}/agent', + method => 'POST', + protected => 1, + proxyto => 'node', + description => "Execute Qemu Guest Agent commands.", + permissions => { + check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]], + }, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + vmid => get_standard_option('pve-vmid', { + completion => \&PVE::QemuServer::complete_vmid_running }), + command => { + type => 'string', + description => "The QGA command.", + enum => $guest_agent_commands, + }, + }, + }, + returns => { + type => 'object', + description => "Returns an object with a single `result` property. The type of that +property depends on the executed command.", + }, + code => sub { + my ($param) = @_; + + my $vmid = $param->{vmid}; + + my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists + + die "No Qemu Guest Agent\n" if !defined($conf->{agent}); + die "VM $vmid is not running\n" if !PVE::QemuServer::check_running($vmid); + + my $cmd = $param->{command}; + + my $res = PVE::QemuServer::vm_mon_cmd($vmid, "guest-$cmd"); + + return { result => $res }; + }}); + __PACKAGE__->register_method({ name => 'resize_vm', path => '{vmid}/resize', @@ -2646,17 +2997,17 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), skiplock => get_standard_option('skiplock'), disk => { type => 'string', description => "The disk you want to resize.", - enum => [PVE::QemuServer::disknames()], + enum => [PVE::QemuServer::valid_drive_names()], }, size => { type => 'string', pattern => '\+?\d+(\.\d+)?[KMGT]?', - description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.", + description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.", }, digest => { type => 'string', @@ -2692,16 +3043,22 @@ __PACKAGE__->register_method({ my $updatefn = sub { - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); die "checksum missmatch (file change by other user?)\n" if $digest && $digest ne $conf->{digest}; - PVE::QemuServer::check_lock($conf) if !$skiplock; + PVE::QemuConfig->check_lock($conf) if !$skiplock; die "disk '$disk' does not exist\n" if !$conf->{$disk}; my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk}); + my (undef, undef, undef, undef, undef, undef, $format) = + PVE::Storage::parse_volname($storecfg, $drive->{file}); + + die "can't resize volume: $disk if snapshot exists\n" + if %{$conf->{snapshots}} && $format eq 'qcow2'; + my $volid = $drive->{file}; die "disk '$disk' has no associated volume\n" if !$volid; @@ -2712,6 +3069,7 @@ __PACKAGE__->register_method({ $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']); + PVE::Storage::activate_volumes($storecfg, [$volid]); my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5); die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/; @@ -2730,7 +3088,7 @@ __PACKAGE__->register_method({ $newsize += $size if $ext; $newsize = int($newsize); - die "unable to skrink disk size\n" if $newsize < $size; + die "shrinking disks is not supported\n" if $newsize < $size; return if $size == $newsize; @@ -2741,10 +3099,10 @@ __PACKAGE__->register_method({ $drive->{size} = $newsize; $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->write_config($vmid, $conf); }; - PVE::QemuServer::lock_config($vmid, $updatefn); + PVE::QemuConfig->lock_config($vmid, $updatefn); return undef; }}); @@ -2761,7 +3119,7 @@ __PACKAGE__->register_method({ parameters => { additionalProperties => 0, properties => { - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), node => get_standard_option('pve-node'), }, }, @@ -2778,7 +3136,7 @@ __PACKAGE__->register_method({ my $vmid = $param->{vmid}; - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); my $snaphash = $conf->{snapshots} || {}; my $res = []; @@ -2819,7 +3177,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), snapname => get_standard_option('pve-snapshot-name'), vmstate => { optional => 1, @@ -2855,7 +3213,7 @@ __PACKAGE__->register_method({ my $realcmd = sub { PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname"); - PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate}, + PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate}, $param->{description}); }; @@ -2936,9 +3294,9 @@ __PACKAGE__->register_method({ my $updatefn = sub { - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); - PVE::QemuServer::check_lock($conf); + PVE::QemuConfig->check_lock($conf); my $snap = $conf->{snapshots}->{$snapname}; @@ -2946,10 +3304,10 @@ __PACKAGE__->register_method({ $snap->{description} = $param->{description} if defined($param->{description}); - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->write_config($vmid, $conf); }; - PVE::QemuServer::lock_config($vmid, $updatefn); + PVE::QemuConfig->lock_config($vmid, $updatefn); return undef; }}); @@ -2983,7 +3341,7 @@ __PACKAGE__->register_method({ my $snapname = extract_param($param, 'snapname'); - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); my $snap = $conf->{snapshots}->{$snapname}; @@ -3006,7 +3364,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), snapname => get_standard_option('pve-snapshot-name'), }, }, @@ -3029,7 +3387,7 @@ __PACKAGE__->register_method({ my $realcmd = sub { PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname"); - PVE::QemuServer::snapshot_rollback($vmid, $snapname); + PVE::QemuConfig->snapshot_rollback($vmid, $snapname); }; return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd); @@ -3049,7 +3407,7 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }), snapname => get_standard_option('pve-snapshot-name'), force => { optional => 1, @@ -3077,7 +3435,7 @@ __PACKAGE__->register_method({ my $realcmd = sub { PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname"); - PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force}); + PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force}); }; return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd); @@ -3098,12 +3456,12 @@ __PACKAGE__->register_method({ additionalProperties => 0, properties => { node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }), disk => { optional => 1, type => 'string', description => "If you want to convert only 1 disk to base image.", - enum => [PVE::QemuServer::disknames()], + enum => [PVE::QemuServer::valid_drive_names()], }, }, @@ -3124,15 +3482,15 @@ __PACKAGE__->register_method({ my $updatefn = sub { - my $conf = PVE::QemuServer::load_config($vmid); + my $conf = PVE::QemuConfig->load_config($vmid); - PVE::QemuServer::check_lock($conf); + PVE::QemuConfig->check_lock($conf); die "unable to create template, because VM contains snapshots\n" if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); die "you can't convert a template to a template\n" - if PVE::QemuServer::is_template($conf) && !$disk; + if PVE::QemuConfig->is_template($conf) && !$disk; die "you can't convert a VM to template if VM is running\n" if PVE::QemuServer::check_running($vmid); @@ -3142,12 +3500,12 @@ __PACKAGE__->register_method({ }; $conf->{template} = 1; - PVE::QemuServer::update_config_nolock($vmid, $conf, 1); + PVE::QemuConfig->write_config($vmid, $conf); return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd); }; - PVE::QemuServer::lock_config($vmid, $updatefn); + PVE::QemuConfig->lock_config($vmid, $updatefn); return undef; }});