]>
Commit | Line | Data |
---|---|---|
9beee926 | 1 | package PVE::CLI::pct; |
179b842e | 2 | |
9beee926 DM |
3 | use strict; |
4 | use warnings; | |
5 | ||
b95bf64b WB |
6 | use POSIX; |
7 | use Fcntl; | |
8 | use File::Copy 'copy'; | |
9 | ||
9beee926 DM |
10 | use PVE::SafeSyslog; |
11 | use PVE::Tools qw(extract_param); | |
c87b1505 | 12 | use PVE::CpuSet; |
9beee926 DM |
13 | use PVE::Cluster; |
14 | use PVE::INotify; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::JSONSchema qw(get_standard_option); | |
17 | use PVE::CLIHandler; | |
18 | use PVE::API2::LXC; | |
19 | use PVE::API2::LXC::Config; | |
20 | use PVE::API2::LXC::Status; | |
21 | use PVE::API2::LXC::Snapshot; | |
22 | ||
9beee926 DM |
23 | use base qw(PVE::CLIHandler); |
24 | ||
25 | my $nodename = PVE::INotify::nodename(); | |
26 | ||
27 | my $upid_exit = sub { | |
28 | my $upid = shift; | |
29 | my $status = PVE::Tools::upid_read_status($upid); | |
30 | exit($status eq 'OK' ? 0 : -1); | |
31 | }; | |
32 | ||
52e1f0cb DM |
33 | sub setup_environment { |
34 | PVE::RPCEnvironment->setup_default_cli_env(); | |
35 | } | |
36 | ||
699ee9b2 DC |
37 | __PACKAGE__->register_method ({ |
38 | name => 'status', | |
39 | path => 'status', | |
40 | method => 'GET', | |
41 | description => "Show CT status.", | |
42 | parameters => { | |
43 | additionalProperties => 0, | |
44 | properties => { | |
45 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
46 | verbose => { | |
47 | description => "Verbose output format", | |
48 | type => 'boolean', | |
49 | optional => 1, | |
50 | } | |
51 | }, | |
52 | }, | |
53 | returns => { type => 'null'}, | |
54 | code => sub { | |
55 | my ($param) = @_; | |
56 | ||
57 | # test if CT exists | |
58 | my $conf = PVE::LXC::Config->load_config ($param->{vmid}); | |
59 | ||
60 | my $vmstatus = PVE::LXC::vmstatus($param->{vmid}); | |
61 | my $stat = $vmstatus->{$param->{vmid}}; | |
62 | if ($param->{verbose}) { | |
63 | foreach my $k (sort (keys %$stat)) { | |
64 | my $v = $stat->{$k}; | |
65 | next if !defined($v); | |
66 | print "$k: $v\n"; | |
67 | } | |
68 | } else { | |
69 | my $status = $stat->{status} || 'unknown'; | |
70 | print "status: $status\n"; | |
71 | } | |
72 | ||
73 | return undef; | |
74 | }}); | |
75 | ||
6085e45b | 76 | sub param_mapping { |
34ddbf08 FG |
77 | my ($name) = @_; |
78 | ||
79 | my $mapping = { | |
6085e45b DC |
80 | 'create_vm' => [ |
81 | PVE::CLIHandler::get_standard_mapping('pve-password'), | |
82 | 'ssh-public-keys', | |
83 | ], | |
34ddbf08 FG |
84 | }; |
85 | ||
6085e45b | 86 | return $mapping->{$name}; |
34ddbf08 FG |
87 | } |
88 | ||
c72bd0ba WL |
89 | __PACKAGE__->register_method ({ |
90 | name => 'unlock', | |
91 | path => 'unlock', | |
92 | method => 'PUT', | |
93 | description => "Unlock the VM.", | |
94 | parameters => { | |
95 | additionalProperties => 0, | |
96 | properties => { | |
97 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
98 | }, | |
99 | }, | |
100 | returns => { type => 'null'}, | |
101 | code => sub { | |
102 | my ($param) = @_; | |
103 | ||
104 | my $vmid = $param->{vmid}; | |
105 | ||
ad408fe1 | 106 | PVE::LXC::Config->remove_lock($vmid); |
c72bd0ba WL |
107 | |
108 | return undef; | |
109 | }}); | |
110 | ||
9beee926 DM |
111 | __PACKAGE__->register_method ({ |
112 | name => 'console', | |
113 | path => 'console', | |
114 | method => 'GET', | |
115 | description => "Launch a console for the specified container.", | |
116 | parameters => { | |
117 | additionalProperties => 0, | |
118 | properties => { | |
119 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
65213b67 TM |
120 | escape => { |
121 | description => "Escape sequence prefix. For example to use <Ctrl+b q> as the escape sequence pass '^b'.", | |
122 | default => '^a', | |
123 | type => 'string', | |
124 | pattern => '\^?[a-z]', | |
125 | optional => 1, | |
126 | }, | |
9beee926 DM |
127 | }, |
128 | }, | |
129 | returns => { type => 'null' }, | |
130 | ||
131 | code => sub { | |
132 | my ($param) = @_; | |
133 | ||
134 | # test if container exists on this node | |
67afe46e | 135 | my $conf = PVE::LXC::Config->load_config($param->{vmid}); |
9beee926 | 136 | |
65213b67 | 137 | my $cmd = PVE::LXC::get_console_command($param->{vmid}, $conf, $param->{escape}); |
9beee926 DM |
138 | exec(@$cmd); |
139 | }}); | |
140 | ||
141 | __PACKAGE__->register_method ({ | |
142 | name => 'enter', | |
143 | path => 'enter', | |
144 | method => 'GET', | |
145 | description => "Launch a shell for the specified container.", | |
146 | parameters => { | |
147 | additionalProperties => 0, | |
148 | properties => { | |
149 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
150 | }, | |
151 | }, | |
152 | returns => { type => 'null' }, | |
153 | ||
154 | code => sub { | |
155 | my ($param) = @_; | |
156 | ||
d4b3eead TL |
157 | my $vmid = $param->{vmid}; |
158 | ||
9beee926 | 159 | # test if container exists on this node |
67afe46e | 160 | PVE::LXC::Config->load_config($vmid); |
d4b3eead TL |
161 | |
162 | die "Error: container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid); | |
9beee926 | 163 | |
d4b3eead | 164 | exec('lxc-attach', '-n', $vmid); |
9beee926 DM |
165 | }}); |
166 | ||
167 | __PACKAGE__->register_method ({ | |
168 | name => 'exec', | |
169 | path => 'exec', | |
170 | method => 'GET', | |
171 | description => "Launch a command inside the specified container.", | |
172 | parameters => { | |
173 | additionalProperties => 0, | |
174 | properties => { | |
4b09527c | 175 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), |
9beee926 DM |
176 | 'extra-args' => get_standard_option('extra-args'), |
177 | }, | |
178 | }, | |
179 | returns => { type => 'null' }, | |
180 | ||
181 | code => sub { | |
182 | my ($param) = @_; | |
183 | ||
184 | # test if container exists on this node | |
67afe46e | 185 | PVE::LXC::Config->load_config($param->{vmid}); |
9beee926 DM |
186 | |
187 | if (!@{$param->{'extra-args'}}) { | |
188 | die "missing command"; | |
189 | } | |
190 | exec('lxc-attach', '-n', $param->{vmid}, '--', @{$param->{'extra-args'}}); | |
191 | }}); | |
192 | ||
5ef9e3d1 | 193 | __PACKAGE__->register_method ({ |
f8327ed5 EK |
194 | name => 'fsck', |
195 | path => 'fsck', | |
196 | method => 'PUT', | |
5ef9e3d1 | 197 | description => "Run a filesystem check (fsck) on a container volume.", |
f8327ed5 EK |
198 | parameters => { |
199 | additionalProperties => 0, | |
200 | properties => { | |
201 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), | |
202 | force => { | |
203 | optional => 1, | |
204 | type => 'boolean', | |
205 | description => "Force checking, even if the filesystem seems clean", | |
206 | default => 0, | |
207 | }, | |
208 | device => { | |
209 | optional => 1, | |
210 | type => 'string', | |
211 | description => "A volume on which to run the filesystem check", | |
d250604f | 212 | enum => [PVE::LXC::Config->mountpoint_names()], |
f8327ed5 EK |
213 | }, |
214 | }, | |
215 | }, | |
216 | returns => { type => 'null' }, | |
217 | code => sub { | |
218 | ||
219 | my ($param) = @_; | |
220 | my $vmid = $param->{'vmid'}; | |
221 | my $device = defined($param->{'device'}) ? $param->{'device'} : 'rootfs'; | |
222 | ||
223 | my $command = ['fsck', '-a', '-l']; | |
224 | push(@$command, '-f') if $param->{force}; | |
225 | ||
226 | # critical path: all of this will be done while the container is locked | |
227 | my $do_fsck = sub { | |
228 | ||
67afe46e | 229 | my $conf = PVE::LXC::Config->load_config($vmid); |
f8327ed5 EK |
230 | my $storage_cfg = PVE::Storage::config(); |
231 | ||
235dbdf3 | 232 | defined($conf->{$device}) || die "cannot run command on non-existing mount point $device\n"; |
f8327ed5 | 233 | |
1b4cf758 FG |
234 | my $mount_point = $device eq 'rootfs' ? PVE::LXC::Config->parse_ct_rootfs($conf->{$device}) : |
235 | PVE::LXC::Config->parse_ct_mountpoint($conf->{$device}); | |
44a9face | 236 | |
f8327ed5 EK |
237 | my $volid = $mount_point->{volume}; |
238 | ||
239 | my $path; | |
240 | my $storage_id = PVE::Storage::parse_volume_id($volid, 1); | |
241 | ||
242 | if ($storage_id) { | |
f8327ed5 | 243 | my (undef, undef, undef, undef, undef, undef, $format) = |
da9e487b | 244 | PVE::Storage::parse_volname($storage_cfg, $volid); |
f8327ed5 | 245 | |
da9e487b DM |
246 | die "unable to run fsck for '$volid' (format == $format)\n" |
247 | if $format ne 'raw'; | |
f8327ed5 EK |
248 | |
249 | $path = PVE::Storage::path($storage_cfg, $volid); | |
250 | ||
251 | } else { | |
da9e487b | 252 | if (($volid =~ m|^/.+|) && (-b $volid)) { |
f8327ed5 EK |
253 | # pass block devices directly |
254 | $path = $volid; | |
255 | } else { | |
da9e487b | 256 | die "path '$volid' does not point to a block device\n"; |
f8327ed5 EK |
257 | } |
258 | } | |
259 | ||
260 | push(@$command, $path); | |
261 | ||
da9e487b DM |
262 | PVE::LXC::check_running($vmid) && |
263 | die "cannot run fsck on active container\n"; | |
264 | ||
f8327ed5 EK |
265 | PVE::Tools::run_command($command); |
266 | }; | |
267 | ||
67afe46e | 268 | PVE::LXC::Config->lock_config($vmid, $do_fsck); |
f8327ed5 EK |
269 | return undef; |
270 | }}); | |
271 | ||
c93be6ed WB |
272 | __PACKAGE__->register_method({ |
273 | name => 'mount', | |
274 | path => 'mount', | |
275 | method => 'POST', | |
276 | description => "Mount the container's filesystem on the host. " . | |
277 | "This will hold a lock on the container and is meant for emergency maintenance only " . | |
278 | "as it will prevent further operations on the container other than start and stop.", | |
279 | parameters => { | |
280 | additionalProperties => 0, | |
281 | properties => { | |
282 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
283 | }, | |
284 | }, | |
285 | returns => { type => 'null' }, | |
286 | code => sub { | |
287 | my ($param) = @_; | |
288 | ||
289 | my $rpcenv = PVE::RPCEnvironment::get(); | |
290 | ||
291 | my $vmid = extract_param($param, 'vmid'); | |
292 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
293 | PVE::LXC::Config->lock_config($vmid, sub { |
294 | my $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
c93be6ed WB |
295 | PVE::LXC::mount_all($vmid, $storecfg, $conf); |
296 | }); | |
8632d8eb TL |
297 | |
298 | print "mounted CT $vmid in '/var/lib/lxc/$vmid/rootfs'\n"; | |
c93be6ed WB |
299 | return undef; |
300 | }}); | |
301 | ||
302 | __PACKAGE__->register_method({ | |
303 | name => 'unmount', | |
304 | path => 'unmount', | |
305 | method => 'POST', | |
306 | description => "Unmount the container's filesystem.", | |
307 | parameters => { | |
308 | additionalProperties => 0, | |
309 | properties => { | |
310 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
311 | }, | |
312 | }, | |
313 | returns => { type => 'null' }, | |
314 | code => sub { | |
315 | my ($param) = @_; | |
316 | ||
317 | my $rpcenv = PVE::RPCEnvironment::get(); | |
318 | ||
319 | my $vmid = extract_param($param, 'vmid'); | |
320 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
321 | PVE::LXC::Config->lock_config($vmid, sub { |
322 | my $conf = PVE::LXC::Config->load_config($vmid); | |
c93be6ed | 323 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); |
67afe46e | 324 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); |
c93be6ed WB |
325 | }); |
326 | return undef; | |
327 | }}); | |
328 | ||
c6b59656 WB |
329 | __PACKAGE__->register_method({ |
330 | name => 'df', | |
331 | path => 'df', | |
332 | method => 'GET', | |
333 | description => "Get the container's current disk usage.", | |
334 | parameters => { | |
335 | additionalProperties => 0, | |
336 | properties => { | |
337 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
338 | }, | |
339 | }, | |
340 | returns => { type => 'null' }, | |
341 | code => sub { | |
342 | my ($param) = @_; | |
343 | ||
344 | my $rpcenv = PVE::RPCEnvironment::get(); | |
345 | ||
346 | # JSONSchema's format_size is exact, this uses floating point numbers | |
347 | my $format = sub { | |
348 | my ($size) = @_; | |
349 | return $size if $size < 1024.; | |
350 | $size /= 1024.; | |
351 | return sprintf('%.1fK', ${size}) if $size < 1024.; | |
352 | $size /= 1024.; | |
353 | return sprintf('%.1fM', ${size}) if $size < 1024.; | |
354 | $size /= 1024.; | |
355 | return sprintf('%.1fG', ${size}) if $size < 1024.; | |
356 | $size /= 1024.; | |
357 | return sprintf('%.1fT', ${size}) if $size < 1024.; | |
358 | }; | |
359 | ||
360 | my $vmid = extract_param($param, 'vmid'); | |
361 | PVE::LXC::Config->lock_config($vmid, sub { | |
362 | my $pid = eval { PVE::LXC::find_lxc_pid($vmid) }; | |
363 | my ($conf, $rootdir, $storecfg, $mounted); | |
364 | if ($@ || !$pid) { | |
365 | $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
366 | $rootdir = "/var/lib/lxc/$vmid/rootfs"; | |
367 | $storecfg = PVE::Storage::config(); | |
368 | PVE::LXC::mount_all($vmid, $storecfg, $conf); | |
369 | $mounted = 1; | |
370 | } else { | |
371 | $conf = PVE::LXC::Config->load_config($vmid); | |
372 | $rootdir = "/proc/$pid/root"; | |
373 | } | |
374 | ||
375 | my @list = [qw(MP Volume Size Used Avail Use% Path)]; | |
376 | my @len = map { length($_) } @{$list[0]}; | |
377 | ||
378 | eval { | |
379 | PVE::LXC::Config->foreach_mountpoint($conf, sub { | |
380 | my ($name, $mp) = @_; | |
381 | my $path = $mp->{mp}; | |
382 | ||
383 | my $df = PVE::Tools::df("$rootdir/$path", 3); | |
384 | my $total = $format->($df->{total}); | |
385 | my $used = $format->($df->{used}); | |
386 | my $avail = $format->($df->{avail}); | |
387 | ||
388 | my $pc = sprintf('%.1f', $df->{used}/$df->{total}); | |
389 | ||
390 | my $entry = [ $name, $mp->{volume}, $total, $used, $avail, $pc, $path ]; | |
391 | push @list, $entry; | |
392 | ||
393 | foreach my $i (0..5) { | |
394 | $len[$i] = length($entry->[$i]) | |
395 | if $len[$i] < length($entry->[$i]); | |
396 | } | |
397 | }); | |
398 | ||
399 | my $format = "%-$len[0]s %-$len[1]s %$len[2]s %$len[3]s %$len[4]s %$len[5]s %s\n"; | |
400 | printf($format, @$_) foreach @list; | |
401 | }; | |
402 | warn $@ if $@; | |
403 | ||
404 | if ($mounted) { | |
405 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); | |
406 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); | |
407 | } | |
408 | }); | |
409 | return undef; | |
410 | }}); | |
411 | ||
b95bf64b WB |
412 | # File creation with specified ownership and permissions. |
413 | # User and group can be names or decimal numbers. | |
414 | # Permissions are explicit (not affected by umask) and can be numeric with the | |
415 | # usual 0/0x prefixes for octal/hex. | |
416 | sub create_file { | |
417 | my ($path, $perms, $user, $group) = @_; | |
418 | my ($uid, $gid); | |
419 | if (defined($user)) { | |
420 | if ($user =~ /^\d+$/) { | |
421 | $uid = int($user); | |
422 | } else { | |
423 | $uid = getpwnam($user) or die "failed to get uid for: $user\n" | |
424 | } | |
425 | } | |
426 | if (defined($group)) { | |
427 | if ($group =~ /^\d+$/) { | |
428 | $gid = int($group); | |
429 | } else { | |
430 | $gid = getgrnam($group) or die "failed to get gid for: $group\n" | |
431 | } | |
432 | } | |
433 | ||
434 | if (defined($perms)) { | |
435 | $! = 0; | |
436 | my ($mode, $unparsed) = POSIX::strtoul($perms, 0); | |
437 | die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!; | |
438 | $perms = $mode; | |
439 | } | |
440 | ||
441 | my $fd; | |
442 | if (sysopen($fd, $path, O_WRONLY | O_CREAT | O_EXCL, 0)) { | |
443 | $perms = 0666 & ~umask if !defined($perms); | |
444 | } else { | |
445 | # If the path previously existed then we do not care about left-over | |
446 | # file descriptors even if the permissions/ownership is changed. | |
447 | sysopen($fd, $path, O_WRONLY | O_CREAT | O_TRUNC) | |
448 | or die "failed to create file: $path: $!\n"; | |
449 | } | |
450 | ||
451 | my $trunc = 0; | |
452 | ||
453 | if (defined($perms)) { | |
454 | $trunc = 1; | |
455 | chmod($perms, $fd); | |
456 | } | |
457 | ||
458 | if (defined($uid) || defined($gid)) { | |
459 | $trunc = 1; | |
460 | my ($fuid, $fgid) = (stat($fd))[4,5] if !defined($uid) || !defined($gid); | |
461 | $uid = $fuid if !defined($uid); | |
462 | $gid = $fgid if !defined($gid); | |
463 | chown($uid, $gid, $fd) | |
464 | or die "failed to change file owner: $!\n"; | |
465 | } | |
466 | return $fd; | |
467 | } | |
468 | ||
6827e44d AA |
469 | __PACKAGE__->register_method ({ |
470 | name => 'rescan', | |
471 | path => 'rescan', | |
472 | method => 'POST', | |
473 | description => "Rescan all storages and update disk sizes and unused disk images.", | |
474 | parameters => { | |
475 | additionalProperties => 0, | |
476 | properties => { | |
477 | vmid => get_standard_option('pve-vmid', { | |
478 | optional => 1, | |
479 | completion => \&PVE::LXC::complete_ctid, | |
480 | }), | |
481 | dryrun => { | |
482 | type => 'boolean', | |
483 | optional => 1, | |
484 | default => 0, | |
485 | description => 'Do not actually write changes out to conifg.', | |
486 | }, | |
487 | }, | |
488 | }, | |
489 | returns => { type => 'null'}, | |
490 | code => sub { | |
491 | my ($param) = @_; | |
492 | ||
493 | my $dryrun = $param->{dryrun}; | |
494 | ||
495 | print "NOTE: running in dry-run mode, won't write changes out!\n" if $dryrun; | |
496 | ||
497 | PVE::LXC::rescan($param->{vmid}, 0, $dryrun); | |
498 | ||
499 | return undef; | |
500 | }}); | |
501 | ||
b95bf64b WB |
502 | __PACKAGE__->register_method({ |
503 | name => 'pull', | |
504 | path => 'pull', | |
505 | method => 'PUT', | |
506 | description => "Copy a file from the container to the local system.", | |
507 | parameters => { | |
508 | additionalProperties => 0, | |
509 | properties => { | |
510 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
511 | path => { | |
512 | type => 'string', | |
513 | description => "Path to a file inside the container to pull.", | |
514 | }, | |
515 | destination => { | |
516 | type => 'string', | |
517 | description => "Destination", | |
518 | }, | |
519 | user => { | |
520 | type => 'string', | |
521 | description => 'Owner user name or id.', | |
522 | optional => 1, | |
523 | }, | |
524 | group => { | |
525 | type => 'string', | |
526 | description => 'Owner group name or id.', | |
527 | optional => 1, | |
528 | }, | |
529 | perms => { | |
530 | type => 'string', | |
893e40de | 531 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
532 | optional => 1, |
533 | }, | |
534 | }, | |
535 | }, | |
536 | returns => { | |
537 | type => 'string', | |
538 | description => "the task ID.", | |
539 | }, | |
540 | code => sub { | |
541 | my ($param) = @_; | |
542 | ||
543 | my $rpcenv = PVE::RPCEnvironment::get(); | |
544 | ||
545 | my $vmid = extract_param($param, 'vmid'); | |
546 | my $path = extract_param($param, 'path'); | |
547 | my $dest = extract_param($param, 'destination'); | |
548 | ||
549 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
550 | # assume octal as default |
551 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
552 | my $user = extract_param($param, 'user'); |
553 | my $group = extract_param($param, 'group'); | |
554 | ||
555 | my $code = sub { | |
556 | my $running = PVE::LXC::check_running($vmid); | |
557 | die "can only pull files from a running VM" if !$running; | |
558 | ||
559 | my $realcmd = sub { | |
560 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
561 | # Avoid symlink issues by opening the files from inside the | |
562 | # corresponding namespaces. | |
563 | my $destfd = create_file($dest, $perms, $user, $group); | |
564 | ||
565 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
566 | or die "failed to open the container's mount namespace\n"; | |
567 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
568 | or die "failed to enter the container's mount namespace\n"; | |
569 | close($mntnsfd); | |
570 | chdir('/') or die "failed to change to container root directory\n"; | |
571 | ||
572 | open my $srcfd, '<', $path | |
573 | or die "failed to open $path: $!\n"; | |
574 | ||
575 | copy($srcfd, $destfd); | |
576 | }; | |
577 | ||
578 | # This avoids having to setns() back to our namespace. | |
579 | return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd); | |
580 | }; | |
581 | ||
67afe46e | 582 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
583 | }}); |
584 | ||
585 | __PACKAGE__->register_method({ | |
586 | name => 'push', | |
587 | path => 'push', | |
588 | method => 'PUT', | |
589 | description => "Copy a local file to the container.", | |
590 | parameters => { | |
591 | additionalProperties => 0, | |
592 | properties => { | |
593 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
594 | file => { | |
595 | type => 'string', | |
596 | description => "Path to a local file.", | |
597 | }, | |
598 | destination => { | |
599 | type => 'string', | |
600 | description => "Destination inside the container to write to.", | |
601 | }, | |
602 | user => { | |
603 | type => 'string', | |
604 | description => 'Owner user name or id. When using a name it must exist inside the container.', | |
605 | optional => 1, | |
606 | }, | |
607 | group => { | |
608 | type => 'string', | |
609 | description => 'Owner group name or id. When using a name it must exist inside the container.', | |
610 | optional => 1, | |
611 | }, | |
612 | perms => { | |
613 | type => 'string', | |
893e40de | 614 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
615 | optional => 1, |
616 | }, | |
617 | }, | |
618 | }, | |
619 | returns => { | |
620 | type => 'string', | |
621 | description => "the task ID.", | |
622 | }, | |
623 | code => sub { | |
624 | my ($param) = @_; | |
625 | ||
626 | my $rpcenv = PVE::RPCEnvironment::get(); | |
627 | ||
628 | my $vmid = extract_param($param, 'vmid'); | |
629 | my $file = extract_param($param, 'file'); | |
630 | my $dest = extract_param($param, 'destination'); | |
631 | ||
632 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
633 | # assume octal as default |
634 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
635 | my $user = extract_param($param, 'user'); |
636 | my $group = extract_param($param, 'group'); | |
637 | ||
638 | my $code = sub { | |
639 | my $running = PVE::LXC::check_running($vmid); | |
5a883bff | 640 | die "can only push files to a running CT\n" if !$running; |
b95bf64b | 641 | |
67afe46e | 642 | my $conf = PVE::LXC::Config->load_config($vmid); |
b95bf64b WB |
643 | my $unprivileged = $conf->{unprivileged}; |
644 | ||
645 | my $realcmd = sub { | |
646 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
647 | # We open the file then enter the container's mount - and for | |
648 | # unprivileged containers - user namespace and then create the | |
649 | # file. This avoids symlink attacks as a symlink cannot point | |
650 | # outside the namespace and our own access is equivalent to the | |
651 | # container-local's root user. Also the user-passed -user and | |
652 | # -group parameters will use the container-local's user and | |
653 | # group names. | |
654 | sysopen my $srcfd, $file, O_RDONLY | |
655 | or die "failed to open $file for reading\n"; | |
656 | ||
657 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
658 | or die "failed to open the container's mount namespace\n"; | |
659 | my $usernsfd; | |
660 | if ($unprivileged) { | |
661 | sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY | |
662 | or die "failed to open the container's user namespace\n"; | |
663 | } | |
664 | ||
665 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
666 | or die "failed to enter the container's mount namespace\n"; | |
667 | close($mntnsfd); | |
668 | chdir('/') or die "failed to change to container root directory\n"; | |
669 | ||
670 | if ($unprivileged) { | |
671 | PVE::Tools::setns(fileno($usernsfd), PVE::Tools::CLONE_NEWUSER) | |
672 | or die "failed to enter the container's user namespace\n"; | |
673 | close($usernsfd); | |
674 | POSIX::setgid(0) or die "setgid failed: $!\n"; | |
675 | POSIX::setuid(0) or die "setuid failed: $!\n"; | |
676 | } | |
677 | ||
678 | my $destfd = create_file($dest, $perms, $user, $group); | |
679 | copy($srcfd, $destfd); | |
680 | }; | |
681 | ||
682 | # This avoids having to setns() back to our namespace. | |
683 | return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd); | |
684 | }; | |
685 | ||
67afe46e | 686 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
687 | }}); |
688 | ||
c87b1505 DM |
689 | __PACKAGE__->register_method ({ |
690 | name => 'cpusets', | |
691 | path => 'cpusets', | |
692 | method => 'GET', | |
693 | description => "Print the list of assigned CPU sets.", | |
694 | parameters => { | |
695 | additionalProperties => 0, | |
696 | properties => {}, | |
697 | }, | |
698 | returns => { type => 'null'}, | |
699 | code => sub { | |
700 | my ($param) = @_; | |
701 | ||
0b6a2f0e WB |
702 | my $cgv1 = PVE::LXC::get_cgroup_subsystems(); |
703 | if (!$cgv1->{cpuset}) { | |
704 | print "cpuset cgroup not available\n"; | |
705 | return undef; | |
706 | } | |
707 | ||
c87b1505 DM |
708 | my $ctlist = PVE::LXC::config_list(); |
709 | ||
710 | my $len = 0; | |
711 | my $id_len = 0; | |
712 | my $res = {}; | |
713 | ||
714 | foreach my $vmid (sort keys %$ctlist) { | |
715 | next if ! -d "/sys/fs/cgroup/cpuset/lxc/$vmid"; | |
716 | ||
717 | my $cpuset = eval { PVE::CpuSet->new_from_cgroup("lxc/$vmid"); }; | |
718 | if (my $err = $@) { | |
719 | warn $err; | |
720 | next; | |
721 | } | |
722 | my @cpuset_members = $cpuset->members(); | |
723 | ||
724 | my $line = ': '; | |
725 | ||
726 | my $last = $cpuset_members[-1]; | |
727 | ||
728 | for (my $id = 0; $id <= $last; $id++) { | |
729 | my $empty = ' ' x length("$id"); | |
730 | $line .= ' ' . ($cpuset->has($id) ? $id : $empty); | |
731 | } | |
732 | $len = length($line) if length($line) > $len; | |
733 | $id_len = length($vmid) if length($vmid) > $id_len; | |
734 | ||
735 | $res->{$vmid} = $line; | |
736 | } | |
737 | ||
486fe362 | 738 | my @vmlist = sort keys %$res; |
c87b1505 | 739 | |
486fe362 DM |
740 | if (scalar(@vmlist)) { |
741 | my $header = '-' x ($len + $id_len) . "\n"; | |
742 | ||
743 | print $header; | |
744 | foreach my $vmid (@vmlist) { | |
745 | print sprintf("%${id_len}i%s\n", $vmid, $res->{$vmid}); | |
746 | } | |
747 | print $header; | |
748 | ||
749 | } else { | |
750 | print "no running containers\n"; | |
c87b1505 | 751 | } |
c87b1505 DM |
752 | |
753 | return undef; | |
754 | }}); | |
755 | ||
e08ac1a0 OB |
756 | __PACKAGE__->register_method ({ |
757 | name => 'fstrim', | |
758 | path => 'fstrim', | |
759 | method => 'POST', | |
760 | description => "Run fstrim on a chosen CT and its mountpoints.", | |
761 | parameters => { | |
762 | additionalProperties => 0, | |
763 | properties => { | |
764 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
765 | }, | |
766 | }, | |
767 | returns => { type => 'null' }, | |
768 | code => sub { | |
769 | ||
770 | my ($param) = @_; | |
771 | my $vmid = $param->{'vmid'}; | |
772 | ||
773 | my $rootdir = "/var/lib/lxc/$vmid/rootfs"; | |
774 | ||
775 | my $storecfg = PVE::Storage::config(); | |
776 | my $conf = PVE::LXC::Config->set_lock($vmid, 'fstrim'); | |
e08ac1a0 OB |
777 | eval { |
778 | my $path = ""; | |
a179d3a7 | 779 | PVE::LXC::mount_all($vmid, $storecfg, $conf); |
e08ac1a0 OB |
780 | PVE::LXC::Config->foreach_mountpoint($conf, sub { |
781 | my ($name, $mp) = @_; | |
782 | $path = $mp->{mp}; | |
783 | my $cmd = ["fstrim", "-v", "$rootdir$path"]; | |
784 | PVE::Tools::run_command($cmd); | |
785 | }); | |
786 | }; | |
a179d3a7 | 787 | warn $@ if $@; |
e08ac1a0 OB |
788 | |
789 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); | |
790 | PVE::LXC::Config->remove_lock($vmid, 'fstrim'); | |
791 | ||
792 | return undef; | |
793 | }}); | |
794 | ||
9beee926 DM |
795 | our $cmddef = { |
796 | list=> [ 'PVE::API2::LXC', 'vmlist', [], { node => $nodename }, sub { | |
797 | my $res = shift; | |
798 | return if !scalar(@$res); | |
d0226204 WB |
799 | my $format = "%-10s %-10s %-12s %-20s\n"; |
800 | printf($format, 'VMID', 'Status', 'Lock', 'Name'); | |
9beee926 | 801 | foreach my $d (sort {$a->{vmid} <=> $b->{vmid} } @$res) { |
d0226204 | 802 | printf($format, $d->{vmid}, $d->{status}, $d->{lock}, $d->{name}); |
9beee926 DM |
803 | } |
804 | }], | |
805 | config => [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'], | |
806 | { node => $nodename }, sub { | |
807 | my $config = shift; | |
808 | foreach my $k (sort (keys %$config)) { | |
809 | next if $k eq 'digest'; | |
8a778340 | 810 | next if $k eq 'lxc'; |
9beee926 DM |
811 | my $v = $config->{$k}; |
812 | if ($k eq 'description') { | |
813 | $v = PVE::Tools::encode_text($v); | |
814 | } | |
815 | print "$k: $v\n"; | |
816 | } | |
8a778340 FG |
817 | if (defined($config->{'lxc'})) { |
818 | my $lxc_list = $config->{'lxc'}; | |
819 | foreach my $lxc_opt (@$lxc_list) { | |
820 | print "$lxc_opt->[0]: $lxc_opt->[1]\n" | |
821 | } | |
822 | } | |
9beee926 DM |
823 | }], |
824 | set => [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node => $nodename }], | |
40626217 | 825 | |
985b18ed | 826 | resize => [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node => $nodename } ], |
9beee926 DM |
827 | |
828 | create => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename }, $upid_exit ], | |
829 | restore => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename, restore => 1 }, $upid_exit ], | |
830 | ||
831 | start => [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node => $nodename }, $upid_exit], | |
832 | suspend => [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node => $nodename }, $upid_exit], | |
833 | resume => [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node => $nodename }, $upid_exit], | |
834 | shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node => $nodename }, $upid_exit], | |
835 | stop => [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node => $nodename }, $upid_exit], | |
836 | ||
c4a33727 | 837 | clone => [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node => $nodename }, $upid_exit ], |
9beee926 | 838 | migrate => [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node => $nodename }, $upid_exit], |
3c0f6806 | 839 | move_volume => [ "PVE::API2::LXC", 'move_volume', ['vmid', 'volume', 'storage'], { node => $nodename }, $upid_exit ], |
9beee926 | 840 | |
699ee9b2 | 841 | status => [ __PACKAGE__, 'status', ['vmid']], |
9beee926 DM |
842 | console => [ __PACKAGE__, 'console', ['vmid']], |
843 | enter => [ __PACKAGE__, 'enter', ['vmid']], | |
c72bd0ba | 844 | unlock => [ __PACKAGE__, 'unlock', ['vmid']], |
9beee926 | 845 | exec => [ __PACKAGE__, 'exec', ['vmid', 'extra-args']], |
f8327ed5 | 846 | fsck => [ __PACKAGE__, 'fsck', ['vmid']], |
b95bf64b | 847 | |
c93be6ed WB |
848 | mount => [ __PACKAGE__, 'mount', ['vmid']], |
849 | unmount => [ __PACKAGE__, 'unmount', ['vmid']], | |
b95bf64b WB |
850 | push => [ __PACKAGE__, 'push', ['vmid', 'file', 'destination']], |
851 | pull => [ __PACKAGE__, 'pull', ['vmid', 'path', 'destination']], | |
c6b59656 WB |
852 | |
853 | df => [ __PACKAGE__, 'df', ['vmid']], | |
6827e44d | 854 | rescan => [ __PACKAGE__, 'rescan', []], |
c6b59656 | 855 | |
9beee926 DM |
856 | destroy => [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'], |
857 | { node => $nodename }, $upid_exit ], | |
858 | ||
859 | snapshot => [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'], | |
860 | { node => $nodename } , $upid_exit ], | |
861 | ||
862 | delsnapshot => [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
863 | ||
864 | listsnapshot => [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node => $nodename }, | |
865 | sub { | |
866 | my $res = shift; | |
867 | foreach my $e (@$res) { | |
868 | my $headline = $e->{description} || 'no-description'; | |
869 | $headline =~ s/\n.*//sg; | |
870 | my $parent = $e->{parent} // 'no-parent'; | |
871 | printf("%-20s %-20s %s\n", $e->{name}, $parent, $headline); | |
872 | } | |
873 | }], | |
874 | ||
875 | rollback => [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
876 | ||
877 | template => [ "PVE::API2::LXC", 'template', ['vmid'], { node => $nodename }], | |
c87b1505 DM |
878 | |
879 | cpusets => [ __PACKAGE__, 'cpusets', []], | |
880 | ||
e08ac1a0 OB |
881 | fstrim => [ __PACKAGE__, 'fstrim', ['vmid']], |
882 | ||
9beee926 DM |
883 | }; |
884 | ||
885 | ||
886 | 1; |