]>
Commit | Line | Data |
---|---|---|
9beee926 DM |
1 | package PVE::CLI::pct; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
b95bf64b WB |
6 | use POSIX; |
7 | use Fcntl; | |
8 | use File::Copy 'copy'; | |
70f2d702 | 9 | use Term::ReadLine; |
b95bf64b | 10 | |
9beee926 DM |
11 | use PVE::SafeSyslog; |
12 | use PVE::Tools qw(extract_param); | |
13 | use PVE::Cluster; | |
14 | use PVE::INotify; | |
15 | use PVE::RPCEnvironment; | |
16 | use PVE::JSONSchema qw(get_standard_option); | |
17 | use PVE::CLIHandler; | |
18 | use PVE::API2::LXC; | |
19 | use PVE::API2::LXC::Config; | |
20 | use PVE::API2::LXC::Status; | |
21 | use PVE::API2::LXC::Snapshot; | |
22 | ||
23 | use Data::Dumper; | |
24 | ||
25 | use base qw(PVE::CLIHandler); | |
26 | ||
27 | my $nodename = PVE::INotify::nodename(); | |
28 | ||
29 | my $upid_exit = sub { | |
30 | my $upid = shift; | |
31 | my $status = PVE::Tools::upid_read_status($upid); | |
32 | exit($status eq 'OK' ? 0 : -1); | |
33 | }; | |
34 | ||
70f2d702 FG |
35 | sub read_password { |
36 | my $term = new Term::ReadLine ('pct'); | |
37 | my $attribs = $term->Attribs; | |
38 | $attribs->{redisplay_function} = $attribs->{shadow_redisplay}; | |
39 | my $input = $term->readline('Enter password: '); | |
40 | my $conf = $term->readline('Retype password: '); | |
41 | die "Passwords do not match.\n" if ($input ne $conf); | |
42 | return $input; | |
43 | } | |
44 | ||
34ddbf08 FG |
45 | sub string_param_file_mapping { |
46 | my ($name) = @_; | |
47 | ||
48 | my $mapping = { | |
49 | 'create_vm' => ['ssh-public-keys'], | |
50 | }; | |
51 | ||
52 | return defined($mapping->{$name}) ? $mapping->{$name} : []; | |
53 | } | |
54 | ||
c72bd0ba WL |
55 | __PACKAGE__->register_method ({ |
56 | name => 'unlock', | |
57 | path => 'unlock', | |
58 | method => 'PUT', | |
59 | description => "Unlock the VM.", | |
60 | parameters => { | |
61 | additionalProperties => 0, | |
62 | properties => { | |
63 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
64 | }, | |
65 | }, | |
66 | returns => { type => 'null'}, | |
67 | code => sub { | |
68 | my ($param) = @_; | |
69 | ||
70 | my $vmid = $param->{vmid}; | |
71 | ||
ad408fe1 | 72 | PVE::LXC::Config->remove_lock($vmid); |
c72bd0ba WL |
73 | |
74 | return undef; | |
75 | }}); | |
76 | ||
9beee926 DM |
77 | __PACKAGE__->register_method ({ |
78 | name => 'console', | |
79 | path => 'console', | |
80 | method => 'GET', | |
81 | description => "Launch a console for the specified container.", | |
82 | parameters => { | |
83 | additionalProperties => 0, | |
84 | properties => { | |
85 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
86 | }, | |
87 | }, | |
88 | returns => { type => 'null' }, | |
89 | ||
90 | code => sub { | |
91 | my ($param) = @_; | |
92 | ||
93 | # test if container exists on this node | |
67afe46e | 94 | my $conf = PVE::LXC::Config->load_config($param->{vmid}); |
9beee926 DM |
95 | |
96 | my $cmd = PVE::LXC::get_console_command($param->{vmid}, $conf); | |
97 | exec(@$cmd); | |
98 | }}); | |
99 | ||
100 | __PACKAGE__->register_method ({ | |
101 | name => 'enter', | |
102 | path => 'enter', | |
103 | method => 'GET', | |
104 | description => "Launch a shell for the specified container.", | |
105 | parameters => { | |
106 | additionalProperties => 0, | |
107 | properties => { | |
108 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), | |
109 | }, | |
110 | }, | |
111 | returns => { type => 'null' }, | |
112 | ||
113 | code => sub { | |
114 | my ($param) = @_; | |
115 | ||
d4b3eead TL |
116 | my $vmid = $param->{vmid}; |
117 | ||
9beee926 | 118 | # test if container exists on this node |
67afe46e | 119 | PVE::LXC::Config->load_config($vmid); |
d4b3eead TL |
120 | |
121 | die "Error: container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid); | |
9beee926 | 122 | |
d4b3eead | 123 | exec('lxc-attach', '-n', $vmid); |
9beee926 DM |
124 | }}); |
125 | ||
126 | __PACKAGE__->register_method ({ | |
127 | name => 'exec', | |
128 | path => 'exec', | |
129 | method => 'GET', | |
130 | description => "Launch a command inside the specified container.", | |
131 | parameters => { | |
132 | additionalProperties => 0, | |
133 | properties => { | |
4b09527c | 134 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }), |
9beee926 DM |
135 | 'extra-args' => get_standard_option('extra-args'), |
136 | }, | |
137 | }, | |
138 | returns => { type => 'null' }, | |
139 | ||
140 | code => sub { | |
141 | my ($param) = @_; | |
142 | ||
143 | # test if container exists on this node | |
67afe46e | 144 | PVE::LXC::Config->load_config($param->{vmid}); |
9beee926 DM |
145 | |
146 | if (!@{$param->{'extra-args'}}) { | |
147 | die "missing command"; | |
148 | } | |
149 | exec('lxc-attach', '-n', $param->{vmid}, '--', @{$param->{'extra-args'}}); | |
150 | }}); | |
151 | ||
5ef9e3d1 | 152 | __PACKAGE__->register_method ({ |
f8327ed5 EK |
153 | name => 'fsck', |
154 | path => 'fsck', | |
155 | method => 'PUT', | |
5ef9e3d1 | 156 | description => "Run a filesystem check (fsck) on a container volume.", |
f8327ed5 EK |
157 | parameters => { |
158 | additionalProperties => 0, | |
159 | properties => { | |
160 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }), | |
161 | force => { | |
162 | optional => 1, | |
163 | type => 'boolean', | |
164 | description => "Force checking, even if the filesystem seems clean", | |
165 | default => 0, | |
166 | }, | |
167 | device => { | |
168 | optional => 1, | |
169 | type => 'string', | |
170 | description => "A volume on which to run the filesystem check", | |
d250604f | 171 | enum => [PVE::LXC::Config->mountpoint_names()], |
f8327ed5 EK |
172 | }, |
173 | }, | |
174 | }, | |
175 | returns => { type => 'null' }, | |
176 | code => sub { | |
177 | ||
178 | my ($param) = @_; | |
179 | my $vmid = $param->{'vmid'}; | |
180 | my $device = defined($param->{'device'}) ? $param->{'device'} : 'rootfs'; | |
181 | ||
182 | my $command = ['fsck', '-a', '-l']; | |
183 | push(@$command, '-f') if $param->{force}; | |
184 | ||
185 | # critical path: all of this will be done while the container is locked | |
186 | my $do_fsck = sub { | |
187 | ||
67afe46e | 188 | my $conf = PVE::LXC::Config->load_config($vmid); |
f8327ed5 EK |
189 | my $storage_cfg = PVE::Storage::config(); |
190 | ||
191 | defined($conf->{$device}) || die "cannot run command on unexisting mountpoint $device\n"; | |
192 | ||
1b4cf758 FG |
193 | my $mount_point = $device eq 'rootfs' ? PVE::LXC::Config->parse_ct_rootfs($conf->{$device}) : |
194 | PVE::LXC::Config->parse_ct_mountpoint($conf->{$device}); | |
44a9face | 195 | |
f8327ed5 EK |
196 | my $volid = $mount_point->{volume}; |
197 | ||
198 | my $path; | |
199 | my $storage_id = PVE::Storage::parse_volume_id($volid, 1); | |
200 | ||
201 | if ($storage_id) { | |
f8327ed5 | 202 | my (undef, undef, undef, undef, undef, undef, $format) = |
da9e487b | 203 | PVE::Storage::parse_volname($storage_cfg, $volid); |
f8327ed5 | 204 | |
da9e487b DM |
205 | die "unable to run fsck for '$volid' (format == $format)\n" |
206 | if $format ne 'raw'; | |
f8327ed5 EK |
207 | |
208 | $path = PVE::Storage::path($storage_cfg, $volid); | |
209 | ||
210 | } else { | |
da9e487b | 211 | if (($volid =~ m|^/.+|) && (-b $volid)) { |
f8327ed5 EK |
212 | # pass block devices directly |
213 | $path = $volid; | |
214 | } else { | |
da9e487b | 215 | die "path '$volid' does not point to a block device\n"; |
f8327ed5 EK |
216 | } |
217 | } | |
218 | ||
219 | push(@$command, $path); | |
220 | ||
da9e487b DM |
221 | PVE::LXC::check_running($vmid) && |
222 | die "cannot run fsck on active container\n"; | |
223 | ||
f8327ed5 EK |
224 | PVE::Tools::run_command($command); |
225 | }; | |
226 | ||
67afe46e | 227 | PVE::LXC::Config->lock_config($vmid, $do_fsck); |
f8327ed5 EK |
228 | return undef; |
229 | }}); | |
230 | ||
c93be6ed WB |
231 | __PACKAGE__->register_method({ |
232 | name => 'mount', | |
233 | path => 'mount', | |
234 | method => 'POST', | |
235 | description => "Mount the container's filesystem on the host. " . | |
236 | "This will hold a lock on the container and is meant for emergency maintenance only " . | |
237 | "as it will prevent further operations on the container other than start and stop.", | |
238 | parameters => { | |
239 | additionalProperties => 0, | |
240 | properties => { | |
241 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
242 | }, | |
243 | }, | |
244 | returns => { type => 'null' }, | |
245 | code => sub { | |
246 | my ($param) = @_; | |
247 | ||
248 | my $rpcenv = PVE::RPCEnvironment::get(); | |
249 | ||
250 | my $vmid = extract_param($param, 'vmid'); | |
251 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
252 | PVE::LXC::Config->lock_config($vmid, sub { |
253 | my $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
c93be6ed WB |
254 | PVE::LXC::mount_all($vmid, $storecfg, $conf); |
255 | }); | |
256 | return undef; | |
257 | }}); | |
258 | ||
259 | __PACKAGE__->register_method({ | |
260 | name => 'unmount', | |
261 | path => 'unmount', | |
262 | method => 'POST', | |
263 | description => "Unmount the container's filesystem.", | |
264 | parameters => { | |
265 | additionalProperties => 0, | |
266 | properties => { | |
267 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
268 | }, | |
269 | }, | |
270 | returns => { type => 'null' }, | |
271 | code => sub { | |
272 | my ($param) = @_; | |
273 | ||
274 | my $rpcenv = PVE::RPCEnvironment::get(); | |
275 | ||
276 | my $vmid = extract_param($param, 'vmid'); | |
277 | my $storecfg = PVE::Storage::config(); | |
67afe46e FG |
278 | PVE::LXC::Config->lock_config($vmid, sub { |
279 | my $conf = PVE::LXC::Config->load_config($vmid); | |
c93be6ed | 280 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); |
67afe46e | 281 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); |
c93be6ed WB |
282 | }); |
283 | return undef; | |
284 | }}); | |
285 | ||
c6b59656 WB |
286 | __PACKAGE__->register_method({ |
287 | name => 'df', | |
288 | path => 'df', | |
289 | method => 'GET', | |
290 | description => "Get the container's current disk usage.", | |
291 | parameters => { | |
292 | additionalProperties => 0, | |
293 | properties => { | |
294 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
295 | }, | |
296 | }, | |
297 | returns => { type => 'null' }, | |
298 | code => sub { | |
299 | my ($param) = @_; | |
300 | ||
301 | my $rpcenv = PVE::RPCEnvironment::get(); | |
302 | ||
303 | # JSONSchema's format_size is exact, this uses floating point numbers | |
304 | my $format = sub { | |
305 | my ($size) = @_; | |
306 | return $size if $size < 1024.; | |
307 | $size /= 1024.; | |
308 | return sprintf('%.1fK', ${size}) if $size < 1024.; | |
309 | $size /= 1024.; | |
310 | return sprintf('%.1fM', ${size}) if $size < 1024.; | |
311 | $size /= 1024.; | |
312 | return sprintf('%.1fG', ${size}) if $size < 1024.; | |
313 | $size /= 1024.; | |
314 | return sprintf('%.1fT', ${size}) if $size < 1024.; | |
315 | }; | |
316 | ||
317 | my $vmid = extract_param($param, 'vmid'); | |
318 | PVE::LXC::Config->lock_config($vmid, sub { | |
319 | my $pid = eval { PVE::LXC::find_lxc_pid($vmid) }; | |
320 | my ($conf, $rootdir, $storecfg, $mounted); | |
321 | if ($@ || !$pid) { | |
322 | $conf = PVE::LXC::Config->set_lock($vmid, 'mounted'); | |
323 | $rootdir = "/var/lib/lxc/$vmid/rootfs"; | |
324 | $storecfg = PVE::Storage::config(); | |
325 | PVE::LXC::mount_all($vmid, $storecfg, $conf); | |
326 | $mounted = 1; | |
327 | } else { | |
328 | $conf = PVE::LXC::Config->load_config($vmid); | |
329 | $rootdir = "/proc/$pid/root"; | |
330 | } | |
331 | ||
332 | my @list = [qw(MP Volume Size Used Avail Use% Path)]; | |
333 | my @len = map { length($_) } @{$list[0]}; | |
334 | ||
335 | eval { | |
336 | PVE::LXC::Config->foreach_mountpoint($conf, sub { | |
337 | my ($name, $mp) = @_; | |
338 | my $path = $mp->{mp}; | |
339 | ||
340 | my $df = PVE::Tools::df("$rootdir/$path", 3); | |
341 | my $total = $format->($df->{total}); | |
342 | my $used = $format->($df->{used}); | |
343 | my $avail = $format->($df->{avail}); | |
344 | ||
345 | my $pc = sprintf('%.1f', $df->{used}/$df->{total}); | |
346 | ||
347 | my $entry = [ $name, $mp->{volume}, $total, $used, $avail, $pc, $path ]; | |
348 | push @list, $entry; | |
349 | ||
350 | foreach my $i (0..5) { | |
351 | $len[$i] = length($entry->[$i]) | |
352 | if $len[$i] < length($entry->[$i]); | |
353 | } | |
354 | }); | |
355 | ||
356 | my $format = "%-$len[0]s %-$len[1]s %$len[2]s %$len[3]s %$len[4]s %$len[5]s %s\n"; | |
357 | printf($format, @$_) foreach @list; | |
358 | }; | |
359 | warn $@ if $@; | |
360 | ||
361 | if ($mounted) { | |
362 | PVE::LXC::umount_all($vmid, $storecfg, $conf, 0); | |
363 | PVE::LXC::Config->remove_lock($vmid, 'mounted'); | |
364 | } | |
365 | }); | |
366 | return undef; | |
367 | }}); | |
368 | ||
b95bf64b WB |
369 | # File creation with specified ownership and permissions. |
370 | # User and group can be names or decimal numbers. | |
371 | # Permissions are explicit (not affected by umask) and can be numeric with the | |
372 | # usual 0/0x prefixes for octal/hex. | |
373 | sub create_file { | |
374 | my ($path, $perms, $user, $group) = @_; | |
375 | my ($uid, $gid); | |
376 | if (defined($user)) { | |
377 | if ($user =~ /^\d+$/) { | |
378 | $uid = int($user); | |
379 | } else { | |
380 | $uid = getpwnam($user) or die "failed to get uid for: $user\n" | |
381 | } | |
382 | } | |
383 | if (defined($group)) { | |
384 | if ($group =~ /^\d+$/) { | |
385 | $gid = int($group); | |
386 | } else { | |
387 | $gid = getgrnam($group) or die "failed to get gid for: $group\n" | |
388 | } | |
389 | } | |
390 | ||
391 | if (defined($perms)) { | |
392 | $! = 0; | |
393 | my ($mode, $unparsed) = POSIX::strtoul($perms, 0); | |
394 | die "invalid mode: '$perms'\n" if $perms eq '' || $unparsed > 0 || $!; | |
395 | $perms = $mode; | |
396 | } | |
397 | ||
398 | my $fd; | |
399 | if (sysopen($fd, $path, O_WRONLY | O_CREAT | O_EXCL, 0)) { | |
400 | $perms = 0666 & ~umask if !defined($perms); | |
401 | } else { | |
402 | # If the path previously existed then we do not care about left-over | |
403 | # file descriptors even if the permissions/ownership is changed. | |
404 | sysopen($fd, $path, O_WRONLY | O_CREAT | O_TRUNC) | |
405 | or die "failed to create file: $path: $!\n"; | |
406 | } | |
407 | ||
408 | my $trunc = 0; | |
409 | ||
410 | if (defined($perms)) { | |
411 | $trunc = 1; | |
412 | chmod($perms, $fd); | |
413 | } | |
414 | ||
415 | if (defined($uid) || defined($gid)) { | |
416 | $trunc = 1; | |
417 | my ($fuid, $fgid) = (stat($fd))[4,5] if !defined($uid) || !defined($gid); | |
418 | $uid = $fuid if !defined($uid); | |
419 | $gid = $fgid if !defined($gid); | |
420 | chown($uid, $gid, $fd) | |
421 | or die "failed to change file owner: $!\n"; | |
422 | } | |
423 | return $fd; | |
424 | } | |
425 | ||
426 | __PACKAGE__->register_method({ | |
427 | name => 'pull', | |
428 | path => 'pull', | |
429 | method => 'PUT', | |
430 | description => "Copy a file from the container to the local system.", | |
431 | parameters => { | |
432 | additionalProperties => 0, | |
433 | properties => { | |
434 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
435 | path => { | |
436 | type => 'string', | |
437 | description => "Path to a file inside the container to pull.", | |
438 | }, | |
439 | destination => { | |
440 | type => 'string', | |
441 | description => "Destination", | |
442 | }, | |
443 | user => { | |
444 | type => 'string', | |
445 | description => 'Owner user name or id.', | |
446 | optional => 1, | |
447 | }, | |
448 | group => { | |
449 | type => 'string', | |
450 | description => 'Owner group name or id.', | |
451 | optional => 1, | |
452 | }, | |
453 | perms => { | |
454 | type => 'string', | |
893e40de | 455 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
456 | optional => 1, |
457 | }, | |
458 | }, | |
459 | }, | |
460 | returns => { | |
461 | type => 'string', | |
462 | description => "the task ID.", | |
463 | }, | |
464 | code => sub { | |
465 | my ($param) = @_; | |
466 | ||
467 | my $rpcenv = PVE::RPCEnvironment::get(); | |
468 | ||
469 | my $vmid = extract_param($param, 'vmid'); | |
470 | my $path = extract_param($param, 'path'); | |
471 | my $dest = extract_param($param, 'destination'); | |
472 | ||
473 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
474 | # assume octal as default |
475 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
476 | my $user = extract_param($param, 'user'); |
477 | my $group = extract_param($param, 'group'); | |
478 | ||
479 | my $code = sub { | |
480 | my $running = PVE::LXC::check_running($vmid); | |
481 | die "can only pull files from a running VM" if !$running; | |
482 | ||
483 | my $realcmd = sub { | |
484 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
485 | # Avoid symlink issues by opening the files from inside the | |
486 | # corresponding namespaces. | |
487 | my $destfd = create_file($dest, $perms, $user, $group); | |
488 | ||
489 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
490 | or die "failed to open the container's mount namespace\n"; | |
491 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
492 | or die "failed to enter the container's mount namespace\n"; | |
493 | close($mntnsfd); | |
494 | chdir('/') or die "failed to change to container root directory\n"; | |
495 | ||
496 | open my $srcfd, '<', $path | |
497 | or die "failed to open $path: $!\n"; | |
498 | ||
499 | copy($srcfd, $destfd); | |
500 | }; | |
501 | ||
502 | # This avoids having to setns() back to our namespace. | |
503 | return $rpcenv->fork_worker('pull_file', $vmid, undef, $realcmd); | |
504 | }; | |
505 | ||
67afe46e | 506 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
507 | }}); |
508 | ||
509 | __PACKAGE__->register_method({ | |
510 | name => 'push', | |
511 | path => 'push', | |
512 | method => 'PUT', | |
513 | description => "Copy a local file to the container.", | |
514 | parameters => { | |
515 | additionalProperties => 0, | |
516 | properties => { | |
517 | vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }), | |
518 | file => { | |
519 | type => 'string', | |
520 | description => "Path to a local file.", | |
521 | }, | |
522 | destination => { | |
523 | type => 'string', | |
524 | description => "Destination inside the container to write to.", | |
525 | }, | |
526 | user => { | |
527 | type => 'string', | |
528 | description => 'Owner user name or id. When using a name it must exist inside the container.', | |
529 | optional => 1, | |
530 | }, | |
531 | group => { | |
532 | type => 'string', | |
533 | description => 'Owner group name or id. When using a name it must exist inside the container.', | |
534 | optional => 1, | |
535 | }, | |
536 | perms => { | |
537 | type => 'string', | |
893e40de | 538 | description => "File permissions to use (octal by default, prefix with '0x' for hexadecimal).", |
b95bf64b WB |
539 | optional => 1, |
540 | }, | |
541 | }, | |
542 | }, | |
543 | returns => { | |
544 | type => 'string', | |
545 | description => "the task ID.", | |
546 | }, | |
547 | code => sub { | |
548 | my ($param) = @_; | |
549 | ||
550 | my $rpcenv = PVE::RPCEnvironment::get(); | |
551 | ||
552 | my $vmid = extract_param($param, 'vmid'); | |
553 | my $file = extract_param($param, 'file'); | |
554 | my $dest = extract_param($param, 'destination'); | |
555 | ||
556 | my $perms = extract_param($param, 'perms'); | |
fa0ab908 DM |
557 | # assume octal as default |
558 | $perms = "0$perms" if defined($perms) && $perms !~m/^0/; | |
b95bf64b WB |
559 | my $user = extract_param($param, 'user'); |
560 | my $group = extract_param($param, 'group'); | |
561 | ||
562 | my $code = sub { | |
563 | my $running = PVE::LXC::check_running($vmid); | |
564 | die "can only push files to a running VM" if !$running; | |
565 | ||
67afe46e | 566 | my $conf = PVE::LXC::Config->load_config($vmid); |
b95bf64b WB |
567 | my $unprivileged = $conf->{unprivileged}; |
568 | ||
569 | my $realcmd = sub { | |
570 | my $pid = PVE::LXC::find_lxc_pid($vmid); | |
571 | # We open the file then enter the container's mount - and for | |
572 | # unprivileged containers - user namespace and then create the | |
573 | # file. This avoids symlink attacks as a symlink cannot point | |
574 | # outside the namespace and our own access is equivalent to the | |
575 | # container-local's root user. Also the user-passed -user and | |
576 | # -group parameters will use the container-local's user and | |
577 | # group names. | |
578 | sysopen my $srcfd, $file, O_RDONLY | |
579 | or die "failed to open $file for reading\n"; | |
580 | ||
581 | sysopen my $mntnsfd, "/proc/$pid/ns/mnt", O_RDONLY | |
582 | or die "failed to open the container's mount namespace\n"; | |
583 | my $usernsfd; | |
584 | if ($unprivileged) { | |
585 | sysopen $usernsfd, "/proc/$pid/ns/user", O_RDONLY | |
586 | or die "failed to open the container's user namespace\n"; | |
587 | } | |
588 | ||
589 | PVE::Tools::setns(fileno($mntnsfd), PVE::Tools::CLONE_NEWNS) | |
590 | or die "failed to enter the container's mount namespace\n"; | |
591 | close($mntnsfd); | |
592 | chdir('/') or die "failed to change to container root directory\n"; | |
593 | ||
594 | if ($unprivileged) { | |
595 | PVE::Tools::setns(fileno($usernsfd), PVE::Tools::CLONE_NEWUSER) | |
596 | or die "failed to enter the container's user namespace\n"; | |
597 | close($usernsfd); | |
598 | POSIX::setgid(0) or die "setgid failed: $!\n"; | |
599 | POSIX::setuid(0) or die "setuid failed: $!\n"; | |
600 | } | |
601 | ||
602 | my $destfd = create_file($dest, $perms, $user, $group); | |
603 | copy($srcfd, $destfd); | |
604 | }; | |
605 | ||
606 | # This avoids having to setns() back to our namespace. | |
607 | return $rpcenv->fork_worker('push_file', $vmid, undef, $realcmd); | |
608 | }; | |
609 | ||
67afe46e | 610 | return PVE::LXC::Config->lock_config($vmid, $code); |
b95bf64b WB |
611 | }}); |
612 | ||
9beee926 DM |
613 | our $cmddef = { |
614 | list=> [ 'PVE::API2::LXC', 'vmlist', [], { node => $nodename }, sub { | |
615 | my $res = shift; | |
616 | return if !scalar(@$res); | |
d0226204 WB |
617 | my $format = "%-10s %-10s %-12s %-20s\n"; |
618 | printf($format, 'VMID', 'Status', 'Lock', 'Name'); | |
9beee926 | 619 | foreach my $d (sort {$a->{vmid} <=> $b->{vmid} } @$res) { |
d0226204 | 620 | printf($format, $d->{vmid}, $d->{status}, $d->{lock}, $d->{name}); |
9beee926 DM |
621 | } |
622 | }], | |
623 | config => [ "PVE::API2::LXC::Config", 'vm_config', ['vmid'], | |
624 | { node => $nodename }, sub { | |
625 | my $config = shift; | |
626 | foreach my $k (sort (keys %$config)) { | |
627 | next if $k eq 'digest'; | |
628 | my $v = $config->{$k}; | |
629 | if ($k eq 'description') { | |
630 | $v = PVE::Tools::encode_text($v); | |
631 | } | |
632 | print "$k: $v\n"; | |
633 | } | |
634 | }], | |
635 | set => [ 'PVE::API2::LXC::Config', 'update_vm', ['vmid'], { node => $nodename }], | |
40626217 | 636 | |
985b18ed | 637 | resize => [ "PVE::API2::LXC", 'resize_vm', ['vmid', 'disk', 'size'], { node => $nodename } ], |
9beee926 DM |
638 | |
639 | create => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename }, $upid_exit ], | |
640 | restore => [ 'PVE::API2::LXC', 'create_vm', ['vmid', 'ostemplate'], { node => $nodename, restore => 1 }, $upid_exit ], | |
641 | ||
642 | start => [ 'PVE::API2::LXC::Status', 'vm_start', ['vmid'], { node => $nodename }, $upid_exit], | |
643 | suspend => [ 'PVE::API2::LXC::Status', 'vm_suspend', ['vmid'], { node => $nodename }, $upid_exit], | |
644 | resume => [ 'PVE::API2::LXC::Status', 'vm_resume', ['vmid'], { node => $nodename }, $upid_exit], | |
645 | shutdown => [ 'PVE::API2::LXC::Status', 'vm_shutdown', ['vmid'], { node => $nodename }, $upid_exit], | |
646 | stop => [ 'PVE::API2::LXC::Status', 'vm_stop', ['vmid'], { node => $nodename }, $upid_exit], | |
647 | ||
c4a33727 | 648 | clone => [ "PVE::API2::LXC", 'clone_vm', ['vmid', 'newid'], { node => $nodename }, $upid_exit ], |
9beee926 DM |
649 | migrate => [ "PVE::API2::LXC", 'migrate_vm', ['vmid', 'target'], { node => $nodename }, $upid_exit], |
650 | ||
651 | console => [ __PACKAGE__, 'console', ['vmid']], | |
652 | enter => [ __PACKAGE__, 'enter', ['vmid']], | |
c72bd0ba | 653 | unlock => [ __PACKAGE__, 'unlock', ['vmid']], |
9beee926 | 654 | exec => [ __PACKAGE__, 'exec', ['vmid', 'extra-args']], |
f8327ed5 | 655 | fsck => [ __PACKAGE__, 'fsck', ['vmid']], |
b95bf64b | 656 | |
c93be6ed WB |
657 | mount => [ __PACKAGE__, 'mount', ['vmid']], |
658 | unmount => [ __PACKAGE__, 'unmount', ['vmid']], | |
b95bf64b WB |
659 | push => [ __PACKAGE__, 'push', ['vmid', 'file', 'destination']], |
660 | pull => [ __PACKAGE__, 'pull', ['vmid', 'path', 'destination']], | |
c6b59656 WB |
661 | |
662 | df => [ __PACKAGE__, 'df', ['vmid']], | |
663 | ||
9beee926 DM |
664 | destroy => [ 'PVE::API2::LXC', 'destroy_vm', ['vmid'], |
665 | { node => $nodename }, $upid_exit ], | |
666 | ||
667 | snapshot => [ "PVE::API2::LXC::Snapshot", 'snapshot', ['vmid', 'snapname'], | |
668 | { node => $nodename } , $upid_exit ], | |
669 | ||
670 | delsnapshot => [ "PVE::API2::LXC::Snapshot", 'delsnapshot', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
671 | ||
672 | listsnapshot => [ "PVE::API2::LXC::Snapshot", 'list', ['vmid'], { node => $nodename }, | |
673 | sub { | |
674 | my $res = shift; | |
675 | foreach my $e (@$res) { | |
676 | my $headline = $e->{description} || 'no-description'; | |
677 | $headline =~ s/\n.*//sg; | |
678 | my $parent = $e->{parent} // 'no-parent'; | |
679 | printf("%-20s %-20s %s\n", $e->{name}, $parent, $headline); | |
680 | } | |
681 | }], | |
682 | ||
683 | rollback => [ "PVE::API2::LXC::Snapshot", 'rollback', ['vmid', 'snapname'], { node => $nodename } , $upid_exit ], | |
684 | ||
685 | template => [ "PVE::API2::LXC", 'template', ['vmid'], { node => $nodename }], | |
686 | }; | |
687 | ||
688 | ||
689 | 1; | |
690 | ||
691 | __END__ | |
692 | ||
693 | =head1 NAME | |
694 | ||
695 | pct - Tool to manage Linux Containers (LXC) on Proxmox VE | |
696 | ||
697 | =head1 SYNOPSIS | |
698 | ||
699 | =include synopsis | |
700 | ||
701 | =head1 DESCRIPTION | |
702 | ||
703 | pct is a tool to manages Linux Containers (LXC). You can create | |
704 | and destroy containers, and control execution | |
705 | (start/stop/suspend/resume). Besides that, you can use pct to set | |
706 | parameters in the associated config file, like network configuration or | |
707 | memory. | |
708 | ||
709 | =head1 EXAMPLES | |
710 | ||
711 | Create a container based on a Debian template | |
712 | (provided you downloaded the template via the webgui before) | |
713 | ||
714 | pct create 100 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz | |
715 | ||
716 | Start a container | |
717 | ||
718 | pct start 100 | |
719 | ||
720 | Start a login session via getty | |
721 | ||
722 | pct console 100 | |
723 | ||
724 | Enter the lxc namespace and run a shell as root user | |
725 | ||
726 | pct enter 100 | |
727 | ||
728 | Display the configuration | |
729 | ||
730 | pct config 100 | |
731 | ||
732 | Add a network interface called eth0, bridged to the host bridge vmbr0, | |
733 | set the address and gateway, while it's running | |
734 | ||
735 | pct set 100 -net0 name=eth0,bridge=vmbr0,ip=192.168.15.147/24,gw=192.168.15.1 | |
736 | ||
737 | Reduce the memory of the container to 512MB | |
738 | ||
739 | pct set -memory 512 100 | |
740 | ||
741 | =head1 FILES | |
742 | ||
743 | /etc/pve/lxc/<vmid>.conf | |
744 | ||
745 | Configuration file for the container <vmid> | |
746 | ||
747 | =head1 SEE ALSO | |
748 | ||
749 | L<B<qm(1)>>, L<B<pvesh(1)>> | |
750 | ||
751 | =include pve_copyright |