]>
Commit | Line | Data |
---|---|---|
f76a2828 DM |
1 | package PVE::API2::LXC; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::SafeSyslog; | |
7 | use PVE::Tools qw(extract_param run_command); | |
8 | use PVE::Exception qw(raise raise_param_exc); | |
9 | use PVE::INotify; | |
9c2d4ce9 | 10 | use PVE::Cluster qw(cfs_read_file); |
f76a2828 | 11 | use PVE::AccessControl; |
2f9b5ead | 12 | use PVE::Firewall; |
f76a2828 DM |
13 | use PVE::Storage; |
14 | use PVE::RESTHandler; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::LXC; | |
7af97ad5 | 17 | use PVE::LXC::Create; |
52389a07 DM |
18 | use PVE::API2::LXC::Config; |
19 | use PVE::API2::LXC::Status; | |
20 | use PVE::API2::LXC::Snapshot; | |
5c752bbf | 21 | use PVE::HA::Config; |
f76a2828 DM |
22 | use PVE::JSONSchema qw(get_standard_option); |
23 | use base qw(PVE::RESTHandler); | |
24 | ||
25 | use Data::Dumper; # fixme: remove | |
26 | ||
52389a07 DM |
27 | __PACKAGE__->register_method ({ |
28 | subclass => "PVE::API2::LXC::Config", | |
29 | path => '{vmid}/config', | |
30 | }); | |
f76a2828 | 31 | |
52389a07 DM |
32 | __PACKAGE__->register_method ({ |
33 | subclass => "PVE::API2::LXC::Status", | |
34 | path => '{vmid}/status', | |
35 | }); | |
f76a2828 | 36 | |
52389a07 DM |
37 | __PACKAGE__->register_method ({ |
38 | subclass => "PVE::API2::LXC::Snapshot", | |
39 | path => '{vmid}/snapshot', | |
40 | }); | |
f76a2828 | 41 | |
52389a07 DM |
42 | __PACKAGE__->register_method ({ |
43 | subclass => "PVE::API2::Firewall::CT", | |
44 | path => '{vmid}/firewall', | |
45 | }); | |
46 | ||
27916659 DM |
47 | my $alloc_rootfs = sub { |
48 | my ($storage_conf, $storage, $disk_size_gb, $vmid) = @_; | |
49 | ||
50 | my $volid; | |
51 | ||
52 | my $size = 4*1024*1024; # defaults to 4G | |
53 | ||
54 | $size = int($disk_size_gb*1024) * 1024 if defined($disk_size_gb); | |
55 | ||
56 | eval { | |
57 | my $scfg = PVE::Storage::storage_config($storage_conf, $storage); | |
58 | # fixme: use better naming ct-$vmid-disk-X.raw? | |
59 | ||
60 | if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') { | |
61 | if ($size > 0) { | |
62 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', | |
3d8cbc23 | 63 | undef, $size); |
27916659 DM |
64 | } else { |
65 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'subvol', | |
3d8cbc23 | 66 | undef, 0); |
27916659 DM |
67 | } |
68 | } elsif ($scfg->{type} eq 'zfspool') { | |
69 | ||
70 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'subvol', | |
3d8cbc23 | 71 | undef, $size); |
644f2f8f DM |
72 | } elsif ($scfg->{type} eq 'drbd') { |
73 | ||
74 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', undef, $size); | |
63f2ddfb AD |
75 | |
76 | } elsif ($scfg->{type} eq 'rbd') { | |
77 | ||
78 | die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd}; | |
79 | $volid = PVE::Storage::vdisk_alloc($storage_conf, $storage, $vmid, 'raw', undef, $size); | |
80 | ||
27916659 DM |
81 | } else { |
82 | die "unable to create containers on storage type '$scfg->{type}'\n"; | |
83 | } | |
84 | }; | |
85 | if (my $err = $@) { | |
86 | # cleanup | |
87 | eval { PVE::Storage::vdisk_free($storage_conf, $volid) if $volid; }; | |
88 | warn $@ if $@; | |
89 | die $err; | |
90 | } | |
91 | ||
92 | return $volid; | |
93 | }; | |
94 | ||
f76a2828 | 95 | __PACKAGE__->register_method({ |
5c752bbf DM |
96 | name => 'vmlist', |
97 | path => '', | |
f76a2828 DM |
98 | method => 'GET', |
99 | description => "LXC container index (per node).", | |
100 | permissions => { | |
101 | description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.", | |
102 | user => 'all', | |
103 | }, | |
104 | proxyto => 'node', | |
105 | protected => 1, # /proc files are only readable by root | |
106 | parameters => { | |
107 | additionalProperties => 0, | |
108 | properties => { | |
109 | node => get_standard_option('pve-node'), | |
110 | }, | |
111 | }, | |
112 | returns => { | |
113 | type => 'array', | |
114 | items => { | |
115 | type => "object", | |
116 | properties => {}, | |
117 | }, | |
118 | links => [ { rel => 'child', href => "{vmid}" } ], | |
119 | }, | |
120 | code => sub { | |
121 | my ($param) = @_; | |
122 | ||
123 | my $rpcenv = PVE::RPCEnvironment::get(); | |
124 | my $authuser = $rpcenv->get_user(); | |
125 | ||
126 | my $vmstatus = PVE::LXC::vmstatus(); | |
127 | ||
128 | my $res = []; | |
129 | foreach my $vmid (keys %$vmstatus) { | |
130 | next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1); | |
131 | ||
132 | my $data = $vmstatus->{$vmid}; | |
133 | $data->{vmid} = $vmid; | |
134 | push @$res, $data; | |
135 | } | |
136 | ||
137 | return $res; | |
5c752bbf | 138 | |
f76a2828 DM |
139 | }}); |
140 | ||
9c2d4ce9 | 141 | __PACKAGE__->register_method({ |
5c752bbf DM |
142 | name => 'create_vm', |
143 | path => '', | |
9c2d4ce9 DM |
144 | method => 'POST', |
145 | description => "Create or restore a container.", | |
146 | permissions => { | |
147 | user => 'all', # check inside | |
148 | description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " . | |
149 | "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " . | |
150 | "You also need 'Datastore.AllocateSpace' permissions on the storage.", | |
151 | }, | |
152 | protected => 1, | |
153 | proxyto => 'node', | |
154 | parameters => { | |
155 | additionalProperties => 0, | |
27916659 | 156 | properties => PVE::LXC::json_config_properties_no_rootfs({ |
9c2d4ce9 DM |
157 | node => get_standard_option('pve-node'), |
158 | vmid => get_standard_option('pve-vmid'), | |
159 | ostemplate => { | |
160 | description => "The OS template or backup file.", | |
5c752bbf | 161 | type => 'string', |
9c2d4ce9 DM |
162 | maxLength => 255, |
163 | }, | |
5c752bbf DM |
164 | password => { |
165 | optional => 1, | |
9c2d4ce9 DM |
166 | type => 'string', |
167 | description => "Sets root password inside container.", | |
168d6b07 | 168 | minLength => 5, |
9c2d4ce9 DM |
169 | }, |
170 | storage => get_standard_option('pve-storage-id', { | |
171 | description => "Target storage.", | |
172 | default => 'local', | |
173 | optional => 1, | |
174 | }), | |
27916659 DM |
175 | size => { |
176 | optional => 1, | |
177 | type => 'number', | |
178 | description => "Amount of disk space for the VM in GB. A zero indicates no limits.", | |
179 | minimum => 0, | |
180 | default => 4, | |
181 | }, | |
9c2d4ce9 | 182 | force => { |
5c752bbf | 183 | optional => 1, |
9c2d4ce9 DM |
184 | type => 'boolean', |
185 | description => "Allow to overwrite existing container.", | |
186 | }, | |
187 | restore => { | |
5c752bbf | 188 | optional => 1, |
9c2d4ce9 DM |
189 | type => 'boolean', |
190 | description => "Mark this as restore task.", | |
191 | }, | |
5c752bbf | 192 | pool => { |
9c2d4ce9 DM |
193 | optional => 1, |
194 | type => 'string', format => 'pve-poolid', | |
195 | description => "Add the VM to the specified pool.", | |
196 | }, | |
197 | }), | |
198 | }, | |
5c752bbf | 199 | returns => { |
9c2d4ce9 DM |
200 | type => 'string', |
201 | }, | |
202 | code => sub { | |
203 | my ($param) = @_; | |
204 | ||
205 | my $rpcenv = PVE::RPCEnvironment::get(); | |
206 | ||
207 | my $authuser = $rpcenv->get_user(); | |
208 | ||
209 | my $node = extract_param($param, 'node'); | |
210 | ||
211 | my $vmid = extract_param($param, 'vmid'); | |
212 | ||
213 | my $basecfg_fn = PVE::LXC::config_file($vmid); | |
214 | ||
215 | my $same_container_exists = -f $basecfg_fn; | |
216 | ||
217 | my $restore = extract_param($param, 'restore'); | |
218 | ||
148d1cb4 DM |
219 | if ($restore) { |
220 | # fixme: limit allowed parameters | |
221 | ||
222 | } | |
223 | ||
9c2d4ce9 DM |
224 | my $force = extract_param($param, 'force'); |
225 | ||
226 | if (!($same_container_exists && $restore && $force)) { | |
227 | PVE::Cluster::check_vmid_unused($vmid); | |
228 | } | |
5c752bbf | 229 | |
9c2d4ce9 DM |
230 | my $password = extract_param($param, 'password'); |
231 | ||
27916659 | 232 | my $disksize = extract_param($param, 'size'); |
5c752bbf | 233 | |
27916659 DM |
234 | my $storage = extract_param($param, 'storage') // 'local'; |
235 | ||
9c2d4ce9 DM |
236 | my $storage_cfg = cfs_read_file("storage.cfg"); |
237 | ||
238 | my $scfg = PVE::Storage::storage_check_node($storage_cfg, $storage, $node); | |
239 | ||
240 | raise_param_exc({ storage => "storage '$storage' does not support container root directories"}) | |
644f2f8f | 241 | if !($scfg->{content}->{images} || $scfg->{content}->{rootdir}); |
9c2d4ce9 | 242 | |
27916659 DM |
243 | my $pool = extract_param($param, 'pool'); |
244 | ||
9c2d4ce9 DM |
245 | if (defined($pool)) { |
246 | $rpcenv->check_pool_exist($pool); | |
247 | $rpcenv->check_perm_modify($authuser, "/pool/$pool"); | |
5c752bbf | 248 | } |
9c2d4ce9 | 249 | |
27916659 DM |
250 | $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']); |
251 | ||
9c2d4ce9 DM |
252 | if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) { |
253 | # OK | |
254 | } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) { | |
255 | # OK | |
256 | } elsif ($restore && $force && $same_container_exists && | |
257 | $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) { | |
258 | # OK: user has VM.Backup permissions, and want to restore an existing VM | |
259 | } else { | |
260 | raise_perm_exc(); | |
261 | } | |
262 | ||
52389a07 | 263 | PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]); |
9c2d4ce9 DM |
264 | |
265 | PVE::Storage::activate_storage($storage_cfg, $storage); | |
266 | ||
267 | my $ostemplate = extract_param($param, 'ostemplate'); | |
5c752bbf | 268 | |
9c2d4ce9 DM |
269 | my $archive; |
270 | ||
271 | if ($ostemplate eq '-') { | |
148d1cb4 DM |
272 | die "pipe requires cli environment\n" |
273 | if $rpcenv->{type} ne 'cli'; | |
274 | die "pipe can only be used with restore tasks\n" | |
275 | if !$restore; | |
27916659 DM |
276 | die "pipe requires --size parameter\n" |
277 | if !defined($disksize); | |
148d1cb4 | 278 | $archive = '-'; |
9c2d4ce9 DM |
279 | } else { |
280 | $rpcenv->check_volume_access($authuser, $storage_cfg, $vmid, $ostemplate); | |
281 | $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate); | |
282 | } | |
283 | ||
9c2d4ce9 | 284 | my $conf = {}; |
5b4657d0 | 285 | |
27916659 | 286 | PVE::LXC::update_pct_config($vmid, $conf, 0, $param); |
9c2d4ce9 | 287 | |
148d1cb4 DM |
288 | my $check_vmid_usage = sub { |
289 | if ($force) { | |
290 | die "cant overwrite running container\n" | |
291 | if PVE::LXC::check_running($vmid); | |
292 | } else { | |
293 | PVE::Cluster::check_vmid_unused($vmid); | |
294 | } | |
295 | }; | |
f507c3a7 | 296 | |
5b4657d0 | 297 | my $code = sub { |
148d1cb4 | 298 | &$check_vmid_usage(); # final check after locking |
87273b2b | 299 | |
148d1cb4 DM |
300 | PVE::Cluster::check_cfs_quorum(); |
301 | ||
27916659 DM |
302 | my $volid; |
303 | ||
304 | eval { | |
305 | if (!defined($disksize)) { | |
306 | if ($restore) { | |
7af97ad5 | 307 | (undef, $disksize) = PVE::LXC::Create::recover_config($archive); |
27916659 DM |
308 | die "unable to detect disk size - please specify with --size\n" |
309 | if !$disksize; | |
310 | } else { | |
311 | $disksize = 4; | |
312 | } | |
313 | } | |
314 | $volid = &$alloc_rootfs($storage_cfg, $storage, $disksize, $vmid); | |
315 | ||
7af97ad5 DM |
316 | PVE::LXC::Create::create_rootfs($storage_cfg, $storage, $volid, $vmid, $conf, |
317 | $archive, $password, $restore); | |
27916659 | 318 | |
dde7b02b | 319 | $conf->{rootfs} = PVE::LXC::print_ct_mountpoint({volume => $volid, size => $disksize }); |
27916659 DM |
320 | |
321 | # set some defaults | |
322 | $conf->{hostname} ||= "CT$vmid"; | |
323 | $conf->{memory} ||= 512; | |
324 | $conf->{swap} //= 512; | |
325 | ||
326 | PVE::LXC::create_config($vmid, $conf); | |
327 | }; | |
328 | if (my $err = $@) { | |
329 | eval { PVE::Storage::vdisk_free($storage_cfg, $volid) if $volid; }; | |
330 | warn $@ if $@; | |
331 | PVE::LXC::destroy_config($vmid); | |
332 | die $err; | |
6d098bf4 | 333 | } |
87273b2b | 334 | PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool; |
9c2d4ce9 | 335 | }; |
5c752bbf | 336 | |
9c2d4ce9 DM |
337 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
338 | ||
148d1cb4 DM |
339 | &$check_vmid_usage(); # first check before locking |
340 | ||
341 | return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate', | |
9c2d4ce9 | 342 | $vmid, $authuser, $realcmd); |
5c752bbf | 343 | |
9c2d4ce9 DM |
344 | }}); |
345 | ||
f76a2828 DM |
346 | __PACKAGE__->register_method({ |
347 | name => 'vmdiridx', | |
5c752bbf | 348 | path => '{vmid}', |
f76a2828 DM |
349 | method => 'GET', |
350 | proxyto => 'node', | |
351 | description => "Directory index", | |
352 | permissions => { | |
353 | user => 'all', | |
354 | }, | |
355 | parameters => { | |
356 | additionalProperties => 0, | |
357 | properties => { | |
358 | node => get_standard_option('pve-node'), | |
359 | vmid => get_standard_option('pve-vmid'), | |
360 | }, | |
361 | }, | |
362 | returns => { | |
363 | type => 'array', | |
364 | items => { | |
365 | type => "object", | |
366 | properties => { | |
367 | subdir => { type => 'string' }, | |
368 | }, | |
369 | }, | |
370 | links => [ { rel => 'child', href => "{subdir}" } ], | |
371 | }, | |
372 | code => sub { | |
373 | my ($param) = @_; | |
374 | ||
375 | # test if VM exists | |
e901d418 | 376 | my $conf = PVE::LXC::load_config($param->{vmid}); |
f76a2828 DM |
377 | |
378 | my $res = [ | |
379 | { subdir => 'config' }, | |
fff3a342 DM |
380 | { subdir => 'status' }, |
381 | { subdir => 'vncproxy' }, | |
382 | { subdir => 'vncwebsocket' }, | |
383 | { subdir => 'spiceproxy' }, | |
384 | { subdir => 'migrate' }, | |
f76a2828 DM |
385 | # { subdir => 'initlog' }, |
386 | { subdir => 'rrd' }, | |
387 | { subdir => 'rrddata' }, | |
388 | { subdir => 'firewall' }, | |
cc5392c8 | 389 | { subdir => 'snapshot' }, |
f76a2828 | 390 | ]; |
5c752bbf | 391 | |
f76a2828 DM |
392 | return $res; |
393 | }}); | |
394 | ||
395 | __PACKAGE__->register_method({ | |
5c752bbf DM |
396 | name => 'rrd', |
397 | path => '{vmid}/rrd', | |
f76a2828 DM |
398 | method => 'GET', |
399 | protected => 1, # fixme: can we avoid that? | |
400 | permissions => { | |
401 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
402 | }, | |
403 | description => "Read VM RRD statistics (returns PNG)", | |
404 | parameters => { | |
405 | additionalProperties => 0, | |
406 | properties => { | |
407 | node => get_standard_option('pve-node'), | |
408 | vmid => get_standard_option('pve-vmid'), | |
409 | timeframe => { | |
410 | description => "Specify the time frame you are interested in.", | |
411 | type => 'string', | |
412 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
413 | }, | |
414 | ds => { | |
415 | description => "The list of datasources you want to display.", | |
416 | type => 'string', format => 'pve-configid-list', | |
417 | }, | |
418 | cf => { | |
419 | description => "The RRD consolidation function", | |
420 | type => 'string', | |
421 | enum => [ 'AVERAGE', 'MAX' ], | |
422 | optional => 1, | |
423 | }, | |
424 | }, | |
425 | }, | |
426 | returns => { | |
427 | type => "object", | |
428 | properties => { | |
429 | filename => { type => 'string' }, | |
430 | }, | |
431 | }, | |
432 | code => sub { | |
433 | my ($param) = @_; | |
434 | ||
435 | return PVE::Cluster::create_rrd_graph( | |
5c752bbf | 436 | "pve2-vm/$param->{vmid}", $param->{timeframe}, |
f76a2828 | 437 | $param->{ds}, $param->{cf}); |
5c752bbf | 438 | |
f76a2828 DM |
439 | }}); |
440 | ||
441 | __PACKAGE__->register_method({ | |
5c752bbf DM |
442 | name => 'rrddata', |
443 | path => '{vmid}/rrddata', | |
f76a2828 DM |
444 | method => 'GET', |
445 | protected => 1, # fixme: can we avoid that? | |
446 | permissions => { | |
447 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
448 | }, | |
449 | description => "Read VM RRD statistics", | |
450 | parameters => { | |
451 | additionalProperties => 0, | |
452 | properties => { | |
453 | node => get_standard_option('pve-node'), | |
454 | vmid => get_standard_option('pve-vmid'), | |
455 | timeframe => { | |
456 | description => "Specify the time frame you are interested in.", | |
457 | type => 'string', | |
458 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
459 | }, | |
460 | cf => { | |
461 | description => "The RRD consolidation function", | |
462 | type => 'string', | |
463 | enum => [ 'AVERAGE', 'MAX' ], | |
464 | optional => 1, | |
465 | }, | |
466 | }, | |
467 | }, | |
468 | returns => { | |
469 | type => "array", | |
470 | items => { | |
471 | type => "object", | |
472 | properties => {}, | |
473 | }, | |
474 | }, | |
475 | code => sub { | |
476 | my ($param) = @_; | |
477 | ||
478 | return PVE::Cluster::create_rrd_data( | |
479 | "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf}); | |
480 | }}); | |
481 | ||
f76a2828 | 482 | __PACKAGE__->register_method({ |
5c752bbf DM |
483 | name => 'destroy_vm', |
484 | path => '{vmid}', | |
f76a2828 DM |
485 | method => 'DELETE', |
486 | protected => 1, | |
487 | proxyto => 'node', | |
488 | description => "Destroy the container (also delete all uses files).", | |
489 | permissions => { | |
490 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
491 | }, | |
492 | parameters => { | |
493 | additionalProperties => 0, | |
494 | properties => { | |
495 | node => get_standard_option('pve-node'), | |
496 | vmid => get_standard_option('pve-vmid'), | |
497 | }, | |
498 | }, | |
5c752bbf | 499 | returns => { |
f76a2828 DM |
500 | type => 'string', |
501 | }, | |
502 | code => sub { | |
503 | my ($param) = @_; | |
504 | ||
505 | my $rpcenv = PVE::RPCEnvironment::get(); | |
506 | ||
507 | my $authuser = $rpcenv->get_user(); | |
508 | ||
509 | my $vmid = $param->{vmid}; | |
510 | ||
511 | # test if container exists | |
673cf209 | 512 | my $conf = PVE::LXC::load_config($vmid); |
f76a2828 | 513 | |
611fe3aa DM |
514 | my $storage_cfg = cfs_read_file("storage.cfg"); |
515 | ||
516 | my $code = sub { | |
673cf209 DM |
517 | # reload config after lock |
518 | $conf = PVE::LXC::load_config($vmid); | |
519 | PVE::LXC::check_lock($conf); | |
520 | ||
27916659 | 521 | PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf); |
be5fc936 | 522 | PVE::AccessControl::remove_vm_access($vmid); |
2f9b5ead | 523 | PVE::Firewall::remove_vmfw_conf($vmid); |
f76a2828 DM |
524 | }; |
525 | ||
611fe3aa DM |
526 | my $realcmd = sub { PVE::LXC::lock_container($vmid, 1, $code); }; |
527 | ||
f76a2828 DM |
528 | return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd); |
529 | }}); | |
530 | ||
fff3a342 DM |
531 | my $sslcert; |
532 | ||
533 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
534 | name => 'vncproxy', |
535 | path => '{vmid}/vncproxy', | |
fff3a342 DM |
536 | method => 'POST', |
537 | protected => 1, | |
538 | permissions => { | |
539 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
540 | }, | |
541 | description => "Creates a TCP VNC proxy connections.", | |
542 | parameters => { | |
543 | additionalProperties => 0, | |
544 | properties => { | |
545 | node => get_standard_option('pve-node'), | |
546 | vmid => get_standard_option('pve-vmid'), | |
547 | websocket => { | |
548 | optional => 1, | |
549 | type => 'boolean', | |
550 | description => "use websocket instead of standard VNC.", | |
551 | }, | |
552 | }, | |
553 | }, | |
5b4657d0 | 554 | returns => { |
fff3a342 DM |
555 | additionalProperties => 0, |
556 | properties => { | |
557 | user => { type => 'string' }, | |
558 | ticket => { type => 'string' }, | |
559 | cert => { type => 'string' }, | |
560 | port => { type => 'integer' }, | |
561 | upid => { type => 'string' }, | |
562 | }, | |
563 | }, | |
564 | code => sub { | |
565 | my ($param) = @_; | |
566 | ||
567 | my $rpcenv = PVE::RPCEnvironment::get(); | |
568 | ||
569 | my $authuser = $rpcenv->get_user(); | |
570 | ||
571 | my $vmid = $param->{vmid}; | |
572 | my $node = $param->{node}; | |
573 | ||
574 | my $authpath = "/vms/$vmid"; | |
575 | ||
576 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath); | |
577 | ||
578 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) | |
579 | if !$sslcert; | |
580 | ||
ec2c57eb | 581 | my ($remip, $family); |
5b4657d0 | 582 | |
fff3a342 | 583 | if ($node ne PVE::INotify::nodename()) { |
85ae6211 | 584 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
ec2c57eb WB |
585 | } else { |
586 | $family = PVE::Tools::get_host_address_family($node); | |
fff3a342 DM |
587 | } |
588 | ||
ec2c57eb WB |
589 | my $port = PVE::Tools::next_vnc_port($family); |
590 | ||
fff3a342 DM |
591 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
592 | # so we select the fastest chipher here (or 'none'?) | |
5b4657d0 | 593 | my $remcmd = $remip ? |
fff3a342 DM |
594 | ['/usr/bin/ssh', '-t', $remip] : []; |
595 | ||
d18499cf | 596 | my $conf = PVE::LXC::load_config($vmid, $node); |
aca816ad DM |
597 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); |
598 | ||
5b4657d0 DM |
599 | my $shcmd = [ '/usr/bin/dtach', '-A', |
600 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 601 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
602 | |
603 | my $realcmd = sub { | |
604 | my $upid = shift; | |
605 | ||
5b4657d0 | 606 | syslog ('info', "starting lxc vnc proxy $upid\n"); |
fff3a342 | 607 | |
5b4657d0 | 608 | my $timeout = 10; |
fff3a342 DM |
609 | |
610 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, | |
5b4657d0 | 611 | '-timeout', $timeout, '-authpath', $authpath, |
fff3a342 DM |
612 | '-perm', 'VM.Console']; |
613 | ||
614 | if ($param->{websocket}) { | |
5b4657d0 | 615 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
fff3a342 DM |
616 | push @$cmd, '-notls', '-listen', 'localhost'; |
617 | } | |
618 | ||
619 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
620 | ||
621 | run_command($cmd); | |
622 | ||
623 | return; | |
624 | }; | |
625 | ||
626 | my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd); | |
627 | ||
628 | PVE::Tools::wait_for_vnc_port($port); | |
629 | ||
630 | return { | |
631 | user => $authuser, | |
632 | ticket => $ticket, | |
5b4657d0 DM |
633 | port => $port, |
634 | upid => $upid, | |
635 | cert => $sslcert, | |
fff3a342 DM |
636 | }; |
637 | }}); | |
638 | ||
639 | __PACKAGE__->register_method({ | |
640 | name => 'vncwebsocket', | |
641 | path => '{vmid}/vncwebsocket', | |
642 | method => 'GET', | |
5b4657d0 | 643 | permissions => { |
fff3a342 DM |
644 | description => "You also need to pass a valid ticket (vncticket).", |
645 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
646 | }, | |
647 | description => "Opens a weksocket for VNC traffic.", | |
648 | parameters => { | |
649 | additionalProperties => 0, | |
650 | properties => { | |
651 | node => get_standard_option('pve-node'), | |
652 | vmid => get_standard_option('pve-vmid'), | |
653 | vncticket => { | |
654 | description => "Ticket from previous call to vncproxy.", | |
655 | type => 'string', | |
656 | maxLength => 512, | |
657 | }, | |
658 | port => { | |
659 | description => "Port number returned by previous vncproxy call.", | |
660 | type => 'integer', | |
661 | minimum => 5900, | |
662 | maximum => 5999, | |
663 | }, | |
664 | }, | |
665 | }, | |
666 | returns => { | |
667 | type => "object", | |
668 | properties => { | |
669 | port => { type => 'string' }, | |
670 | }, | |
671 | }, | |
672 | code => sub { | |
673 | my ($param) = @_; | |
674 | ||
675 | my $rpcenv = PVE::RPCEnvironment::get(); | |
676 | ||
677 | my $authuser = $rpcenv->get_user(); | |
678 | ||
679 | my $authpath = "/vms/$param->{vmid}"; | |
680 | ||
681 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath); | |
682 | ||
683 | my $port = $param->{port}; | |
5b4657d0 | 684 | |
fff3a342 DM |
685 | return { port => $port }; |
686 | }}); | |
687 | ||
688 | __PACKAGE__->register_method ({ | |
5b4657d0 DM |
689 | name => 'spiceproxy', |
690 | path => '{vmid}/spiceproxy', | |
fff3a342 DM |
691 | method => 'POST', |
692 | protected => 1, | |
693 | proxyto => 'node', | |
694 | permissions => { | |
695 | check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]], | |
696 | }, | |
697 | description => "Returns a SPICE configuration to connect to the CT.", | |
698 | parameters => { | |
699 | additionalProperties => 0, | |
700 | properties => { | |
701 | node => get_standard_option('pve-node'), | |
702 | vmid => get_standard_option('pve-vmid'), | |
703 | proxy => get_standard_option('spice-proxy', { optional => 1 }), | |
704 | }, | |
705 | }, | |
706 | returns => get_standard_option('remote-viewer-config'), | |
707 | code => sub { | |
708 | my ($param) = @_; | |
709 | ||
710 | my $vmid = $param->{vmid}; | |
711 | my $node = $param->{node}; | |
712 | my $proxy = $param->{proxy}; | |
713 | ||
714 | my $authpath = "/vms/$vmid"; | |
715 | my $permissions = 'VM.Console'; | |
716 | ||
aca816ad DM |
717 | my $conf = PVE::LXC::load_config($vmid); |
718 | my $concmd = PVE::LXC::get_console_command($vmid, $conf); | |
719 | ||
5b4657d0 DM |
720 | my $shcmd = ['/usr/bin/dtach', '-A', |
721 | "/var/run/dtach/vzctlconsole$vmid", | |
aca816ad | 722 | '-r', 'winch', '-z', @$concmd]; |
fff3a342 DM |
723 | |
724 | my $title = "CT $vmid"; | |
725 | ||
726 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd); | |
727 | }}); | |
5c752bbf | 728 | |
5c752bbf DM |
729 | |
730 | __PACKAGE__->register_method({ | |
52389a07 DM |
731 | name => 'migrate_vm', |
732 | path => '{vmid}/migrate', | |
5c752bbf DM |
733 | method => 'POST', |
734 | protected => 1, | |
735 | proxyto => 'node', | |
52389a07 | 736 | description => "Migrate the container to another node. Creates a new migration task.", |
5c752bbf | 737 | permissions => { |
52389a07 | 738 | check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]], |
5c752bbf DM |
739 | }, |
740 | parameters => { | |
741 | additionalProperties => 0, | |
742 | properties => { | |
743 | node => get_standard_option('pve-node'), | |
744 | vmid => get_standard_option('pve-vmid'), | |
52389a07 DM |
745 | target => get_standard_option('pve-node', { description => "Target node." }), |
746 | online => { | |
747 | type => 'boolean', | |
748 | description => "Use online/live migration.", | |
749 | optional => 1, | |
750 | }, | |
5c752bbf DM |
751 | }, |
752 | }, | |
753 | returns => { | |
754 | type => 'string', | |
52389a07 | 755 | description => "the task ID.", |
5c752bbf DM |
756 | }, |
757 | code => sub { | |
758 | my ($param) = @_; | |
759 | ||
760 | my $rpcenv = PVE::RPCEnvironment::get(); | |
761 | ||
762 | my $authuser = $rpcenv->get_user(); | |
763 | ||
52389a07 | 764 | my $target = extract_param($param, 'target'); |
bb1ac2de | 765 | |
52389a07 DM |
766 | my $localnode = PVE::INotify::nodename(); |
767 | raise_param_exc({ target => "target is local node."}) if $target eq $localnode; | |
bb1ac2de | 768 | |
52389a07 | 769 | PVE::Cluster::check_cfs_quorum(); |
5c752bbf | 770 | |
52389a07 | 771 | PVE::Cluster::check_node_exists($target); |
27916659 | 772 | |
52389a07 | 773 | my $targetip = PVE::Cluster::remote_node_ip($target); |
5c752bbf | 774 | |
52389a07 | 775 | my $vmid = extract_param($param, 'vmid'); |
5c752bbf | 776 | |
52389a07 DM |
777 | # test if VM exists |
778 | PVE::LXC::load_config($vmid); | |
5c752bbf | 779 | |
52389a07 DM |
780 | # try to detect errors early |
781 | if (PVE::LXC::check_running($vmid)) { | |
782 | die "cant migrate running container without --online\n" | |
783 | if !$param->{online}; | |
5c752bbf | 784 | } |
5c752bbf DM |
785 | |
786 | if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') { | |
787 | ||
788 | my $hacmd = sub { | |
789 | my $upid = shift; | |
790 | ||
791 | my $service = "ct:$vmid"; | |
792 | ||
52389a07 | 793 | my $cmd = ['ha-manager', 'migrate', $service, $target]; |
5c752bbf | 794 | |
52389a07 | 795 | print "Executing HA migrate for CT $vmid to node $target\n"; |
5c752bbf DM |
796 | |
797 | PVE::Tools::run_command($cmd); | |
798 | ||
799 | return; | |
800 | }; | |
801 | ||
52389a07 | 802 | return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd); |
5c752bbf DM |
803 | |
804 | } else { | |
805 | ||
806 | my $realcmd = sub { | |
807 | my $upid = shift; | |
808 | ||
52389a07 DM |
809 | # fixme: implement lxc container migration |
810 | die "lxc container migration not implemented\n"; | |
5c752bbf DM |
811 | |
812 | return; | |
813 | }; | |
814 | ||
52389a07 | 815 | return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd); |
5c752bbf DM |
816 | } |
817 | }}); | |
818 | ||
cc5392c8 WL |
819 | __PACKAGE__->register_method({ |
820 | name => 'vm_feature', | |
821 | path => '{vmid}/feature', | |
822 | method => 'GET', | |
823 | proxyto => 'node', | |
824 | protected => 1, | |
825 | description => "Check if feature for virtual machine is available.", | |
826 | permissions => { | |
827 | check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]], | |
828 | }, | |
829 | parameters => { | |
830 | additionalProperties => 0, | |
831 | properties => { | |
832 | node => get_standard_option('pve-node'), | |
833 | vmid => get_standard_option('pve-vmid'), | |
834 | feature => { | |
835 | description => "Feature to check.", | |
836 | type => 'string', | |
837 | enum => [ 'snapshot' ], | |
838 | }, | |
839 | snapname => get_standard_option('pve-lxc-snapshot-name', { | |
840 | optional => 1, | |
841 | }), | |
842 | }, | |
843 | }, | |
844 | returns => { | |
845 | type => "object", | |
846 | properties => { | |
847 | hasFeature => { type => 'boolean' }, | |
848 | #nodes => { | |
849 | #type => 'array', | |
850 | #items => { type => 'string' }, | |
851 | #} | |
852 | }, | |
853 | }, | |
854 | code => sub { | |
855 | my ($param) = @_; | |
856 | ||
857 | my $node = extract_param($param, 'node'); | |
858 | ||
859 | my $vmid = extract_param($param, 'vmid'); | |
860 | ||
861 | my $snapname = extract_param($param, 'snapname'); | |
862 | ||
863 | my $feature = extract_param($param, 'feature'); | |
864 | ||
865 | my $conf = PVE::LXC::load_config($vmid); | |
866 | ||
867 | if($snapname){ | |
868 | my $snap = $conf->{snapshots}->{$snapname}; | |
869 | die "snapshot '$snapname' does not exist\n" if !defined($snap); | |
870 | $conf = $snap; | |
871 | } | |
ef241384 | 872 | my $storage_cfg = PVE::Storage::config(); |
cc5392c8 | 873 | #Maybe include later |
ef241384 DM |
874 | #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg); |
875 | my $hasFeature = PVE::LXC::has_feature($feature, $conf, $storage_cfg, $snapname); | |
cc5392c8 WL |
876 | |
877 | return { | |
878 | hasFeature => $hasFeature, | |
879 | #nodes => [ keys %$nodelist ], | |
880 | }; | |
881 | }}); | |
bb1ac2de DM |
882 | |
883 | __PACKAGE__->register_method({ | |
884 | name => 'template', | |
885 | path => '{vmid}/template', | |
886 | method => 'POST', | |
887 | protected => 1, | |
888 | proxyto => 'node', | |
889 | description => "Create a Template.", | |
890 | permissions => { | |
891 | description => "You need 'VM.Allocate' permissions on /vms/{vmid}", | |
892 | check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']], | |
893 | }, | |
894 | parameters => { | |
895 | additionalProperties => 0, | |
896 | properties => { | |
897 | node => get_standard_option('pve-node'), | |
898 | vmid => get_standard_option('pve-vmid'), | |
899 | }, | |
900 | }, | |
901 | returns => { type => 'null'}, | |
902 | code => sub { | |
903 | my ($param) = @_; | |
904 | ||
905 | my $rpcenv = PVE::RPCEnvironment::get(); | |
906 | ||
907 | my $authuser = $rpcenv->get_user(); | |
908 | ||
909 | my $node = extract_param($param, 'node'); | |
910 | ||
911 | my $vmid = extract_param($param, 'vmid'); | |
912 | ||
913 | my $updatefn = sub { | |
914 | ||
915 | my $conf = PVE::LXC::load_config($vmid); | |
916 | PVE::LXC::check_lock($conf); | |
917 | ||
918 | die "unable to create template, because CT contains snapshots\n" | |
919 | if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}}); | |
920 | ||
921 | die "you can't convert a template to a template\n" | |
922 | if PVE::LXC::is_template($conf); | |
923 | ||
924 | die "you can't convert a CT to template if the CT is running\n" | |
925 | if PVE::LXC::check_running($vmid); | |
926 | ||
927 | my $realcmd = sub { | |
928 | PVE::LXC::template_create($vmid, $conf); | |
929 | }; | |
930 | ||
931 | $conf->{template} = 1; | |
932 | ||
933 | PVE::LXC::write_config($vmid, $conf); | |
934 | # and remove lxc config | |
935 | PVE::LXC::update_lxc_config(undef, $vmid, $conf); | |
936 | ||
937 | return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd); | |
938 | }; | |
939 | ||
940 | PVE::LXC::lock_container($vmid, undef, $updatefn); | |
941 | ||
942 | return undef; | |
943 | }}); | |
944 | ||
f76a2828 | 945 | 1; |