]> git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
projects / pve-container.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
do not allow destroy if there are replication jobs
[pve-container.git] / src / PVE / API2 / LXC.pm
1 package PVE::API2::LXC;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param run_command);
8 use PVE::Exception qw(raise raise_param_exc);
9 use PVE::INotify;
10 use PVE::Cluster qw(cfs_read_file);
11 use PVE::AccessControl;
12 use PVE::Firewall;
13 use PVE::Storage;
14 use PVE::RESTHandler;
15 use PVE::RPCEnvironment;
16 use PVE::ReplicationConfig;
17 use PVE::LXC;
18 use PVE::LXC::Create;
19 use PVE::LXC::Migrate;
20 use PVE::API2::LXC::Config;
21 use PVE::API2::LXC::Status;
22 use PVE::API2::LXC::Snapshot;
23 use PVE::JSONSchema qw(get_standard_option);
24 use base qw(PVE::RESTHandler);
25
26 BEGIN {
27 if (!$ENV{PVE_GENERATING_DOCS}) {
28 require PVE::HA::Env::PVE2;
29 import PVE::HA::Env::PVE2;
30 require PVE::HA::Config;
31 import PVE::HA::Config;
32 }
33 }
34
35 __PACKAGE__->register_method ({
36 subclass => "PVE::API2::LXC::Config",
37 path => '{vmid}/config',
38 });
39
40 __PACKAGE__->register_method ({
41 subclass => "PVE::API2::LXC::Status",
42 path => '{vmid}/status',
43 });
44
45 __PACKAGE__->register_method ({
46 subclass => "PVE::API2::LXC::Snapshot",
47 path => '{vmid}/snapshot',
48 });
49
50 __PACKAGE__->register_method ({
51 subclass => "PVE::API2::Firewall::CT",
52 path => '{vmid}/firewall',
53 });
54
55 __PACKAGE__->register_method({
56 name => 'vmlist',
57 path => '',
58 method => 'GET',
59 description => "LXC container index (per node).",
60 permissions => {
61 description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
62 user => 'all',
63 },
64 proxyto => 'node',
65 protected => 1, # /proc files are only readable by root
66 parameters => {
67 additionalProperties => 0,
68 properties => {
69 node => get_standard_option('pve-node'),
70 },
71 },
72 returns => {
73 type => 'array',
74 items => {
75 type => "object",
76 properties => {},
77 },
78 links => [ { rel => 'child', href => "{vmid}" } ],
79 },
80 code => sub {
81 my ($param) = @_;
82
83 my $rpcenv = PVE::RPCEnvironment::get();
84 my $authuser = $rpcenv->get_user();
85
86 my $vmstatus = PVE::LXC::vmstatus();
87
88 my $res = [];
89 foreach my $vmid (keys %$vmstatus) {
90 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
91
92 my $data = $vmstatus->{$vmid};
93 $data->{vmid} = $vmid;
94 push @$res, $data;
95 }
96
97 return $res;
98
99 }});
100
101 __PACKAGE__->register_method({
102 name => 'create_vm',
103 path => '',
104 method => 'POST',
105 description => "Create or restore a container.",
106 permissions => {
107 user => 'all', # check inside
108 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
109 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
110 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
111 },
112 protected => 1,
113 proxyto => 'node',
114 parameters => {
115 additionalProperties => 0,
116 properties => PVE::LXC::Config->json_config_properties({
117 node => get_standard_option('pve-node'),
118 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
119 ostemplate => {
120 description => "The OS template or backup file.",
121 type => 'string',
122 maxLength => 255,
123 completion => \&PVE::LXC::complete_os_templates,
124 },
125 password => {
126 optional => 1,
127 type => 'string',
128 description => "Sets root password inside container.",
129 minLength => 5,
130 },
131 storage => get_standard_option('pve-storage-id', {
132 description => "Default Storage.",
133 default => 'local',
134 optional => 1,
135 completion => \&PVE::Storage::complete_storage_enabled,
136 }),
137 force => {
138 optional => 1,
139 type => 'boolean',
140 description => "Allow to overwrite existing container.",
141 },
142 restore => {
143 optional => 1,
144 type => 'boolean',
145 description => "Mark this as restore task.",
146 },
147 pool => {
148 optional => 1,
149 type => 'string', format => 'pve-poolid',
150 description => "Add the VM to the specified pool.",
151 },
152 'ignore-unpack-errors' => {
153 optional => 1,
154 type => 'boolean',
155 description => "Ignore errors when extracting the template.",
156 },
157 'ssh-public-keys' => {
158 optional => 1,
159 type => 'string',
160 description => "Setup public SSH keys (one key per line, " .
161 "OpenSSH format).",
162 },
163 }),
164 },
165 returns => {
166 type => 'string',
167 },
168 code => sub {
169 my ($param) = @_;
170
171 my $rpcenv = PVE::RPCEnvironment::get();
172
173 my $authuser = $rpcenv->get_user();
174
175 my $node = extract_param($param, 'node');
176
177 my $vmid = extract_param($param, 'vmid');
178
179 my $ignore_unpack_errors = extract_param($param, 'ignore-unpack-errors');
180
181 my $basecfg_fn = PVE::LXC::Config->config_file($vmid);
182
183 my $same_container_exists = -f $basecfg_fn;
184
185 # 'unprivileged' is read-only, so we can't pass it to update_pct_config
186 my $unprivileged = extract_param($param, 'unprivileged');
187
188 my $restore = extract_param($param, 'restore');
189
190 if ($restore) {
191 # fixme: limit allowed parameters
192
193 }
194
195 my $force = extract_param($param, 'force');
196
197 if (!($same_container_exists && $restore && $force)) {
198 PVE::Cluster::check_vmid_unused($vmid);
199 } else {
200 my $conf = PVE::LXC::Config->load_config($vmid);
201 PVE::LXC::Config->check_protection($conf, "unable to restore CT $vmid");
202 }
203
204 my $password = extract_param($param, 'password');
205
206 my $ssh_keys = extract_param($param, 'ssh-public-keys');
207 PVE::Tools::validate_ssh_public_keys($ssh_keys) if defined($ssh_keys);
208
209 my $pool = extract_param($param, 'pool');
210
211 if (defined($pool)) {
212 $rpcenv->check_pool_exist($pool);
213 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
214 }
215
216 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
217 # OK
218 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
219 # OK
220 } elsif ($restore && $force && $same_container_exists &&
221 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
222 # OK: user has VM.Backup permissions, and want to restore an existing VM
223 } else {
224 raise_perm_exc();
225 }
226
227 my $ostemplate = extract_param($param, 'ostemplate');
228 my $storage = extract_param($param, 'storage') // 'local';
229
230 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, $param, []);
231
232 my $storage_cfg = cfs_read_file("storage.cfg");
233
234
235 my $archive;
236
237 if ($ostemplate eq '-') {
238 die "pipe requires cli environment\n"
239 if $rpcenv->{type} ne 'cli';
240 die "pipe can only be used with restore tasks\n"
241 if !$restore;
242 $archive = '-';
243 die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs});
244 } else {
245 PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, $vmid, $ostemplate);
246 $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
247 }
248
249 my $check_and_activate_storage = sub {
250 my ($sid) = @_;
251
252 my $scfg = PVE::Storage::storage_check_node($storage_cfg, $sid, $node);
253
254 raise_param_exc({ storage => "storage '$sid' does not support container directories"})
255 if !$scfg->{content}->{rootdir};
256
257 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
258
259 PVE::Storage::activate_storage($storage_cfg, $sid);
260 };
261
262 my $conf = {};
263
264 my $no_disk_param = {};
265 my $mp_param = {};
266 my $storage_only_mode = 1;
267 foreach my $opt (keys %$param) {
268 my $value = $param->{$opt};
269 if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) {
270 # allow to use simple numbers (add default storage in that case)
271 if ($value =~ m/^\d+(\.\d+)?$/) {
272 $mp_param->{$opt} = "$storage:$value";
273 } else {
274 $mp_param->{$opt} = $value;
275 }
276 $storage_only_mode = 0;
277 } elsif ($opt =~ m/^unused\d+$/) {
278 warn "ignoring '$opt', cannot create/restore with unused volume\n";
279 delete $param->{$opt};
280 } else {
281 $no_disk_param->{$opt} = $value;
282 }
283 }
284
285 die "mount points configured, but 'rootfs' not set - aborting\n"
286 if !$storage_only_mode && !defined($mp_param->{rootfs});
287
288 # check storage access, activate storage
289 my $delayed_mp_param = {};
290 PVE::LXC::Config->foreach_mountpoint($mp_param, sub {
291 my ($ms, $mountpoint) = @_;
292
293 my $volid = $mountpoint->{volume};
294 my $mp = $mountpoint->{mp};
295
296 if ($mountpoint->{type} ne 'volume') { # bind or device
297 die "Only root can pass arbitrary filesystem paths.\n"
298 if $authuser ne 'root@pam';
299 } else {
300 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
301 &$check_and_activate_storage($sid);
302 }
303 });
304
305 # check/activate default storage
306 &$check_and_activate_storage($storage) if !defined($mp_param->{rootfs});
307
308 PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
309
310 $conf->{unprivileged} = 1 if $unprivileged;
311
312 my $check_vmid_usage = sub {
313 if ($force) {
314 die "can't overwrite running container\n"
315 if PVE::LXC::check_running($vmid);
316 } else {
317 PVE::Cluster::check_vmid_unused($vmid);
318 }
319 };
320
321 my $code = sub {
322 &$check_vmid_usage(); # final check after locking
323 my $old_conf;
324
325 my $config_fn = PVE::LXC::Config->config_file($vmid);
326 if (-f $config_fn) {
327 die "container exists" if !$restore; # just to be sure
328 $old_conf = PVE::LXC::Config->load_config($vmid);
329 } else {
330 eval {
331 # try to create empty config on local node, we have an flock
332 PVE::LXC::Config->write_config($vmid, {});
333 };
334
335 # another node was faster, abort
336 die "Could not reserve ID $vmid, already taken\n" if $@;
337 }
338
339 PVE::Cluster::check_cfs_quorum();
340 my $vollist = [];
341
342 eval {
343 if ($storage_only_mode) {
344 if ($restore) {
345 (undef, $mp_param) = PVE::LXC::Create::recover_config($archive);
346 die "rootfs configuration could not be recovered, please check and specify manually!\n"
347 if !defined($mp_param->{rootfs});
348 PVE::LXC::Config->foreach_mountpoint($mp_param, sub {
349 my ($ms, $mountpoint) = @_;
350 my $type = $mountpoint->{type};
351 if ($type eq 'volume') {
352 die "unable to detect disk size - please specify $ms (size)\n"
353 if !defined($mountpoint->{size});
354 my $disksize = $mountpoint->{size} / (1024 * 1024 * 1024); # create_disks expects GB as unit size
355 delete $mountpoint->{size};
356 $mountpoint->{volume} = "$storage:$disksize";
357 $mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs');
358 } else {
359 my $type = $mountpoint->{type};
360 die "restoring rootfs to $type mount is only possible by specifying -rootfs manually!\n"
361 if ($ms eq 'rootfs');
362 die "restoring '$ms' to $type mount is only possible for root\n"
363 if $authuser ne 'root@pam';
364
365 if ($mountpoint->{backup}) {
366 warn "WARNING - unsupported configuration!\n";
367 warn "backup was enabled for $type mount point $ms ('$mountpoint->{mp}')\n";
368 warn "mount point configuration will be restored after archive extraction!\n";
369 warn "contained files will be restored to wrong directory!\n";
370 }
371 delete $mp_param->{$ms}; # actually delay bind/dev mps
372 $delayed_mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs');
373 }
374 });
375 } else {
376 $mp_param->{rootfs} = "$storage:4"; # defaults to 4GB
377 }
378 }
379
380 $vollist = PVE::LXC::create_disks($storage_cfg, $vmid, $mp_param, $conf);
381
382 if (defined($old_conf)) {
383 # destroy old container volumes
384 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $old_conf, {});
385 }
386
387 eval {
388 my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1);
389 PVE::LXC::Create::restore_archive($archive, $rootdir, $conf, $ignore_unpack_errors);
390
391 if ($restore) {
392 PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, $authuser ne 'root@pam');
393 } else {
394 my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
395 PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection)
396 $lxc_setup->post_create_hook($password, $ssh_keys);
397 }
398 };
399 my $err = $@;
400 PVE::LXC::umount_all($vmid, $storage_cfg, $conf, $err ? 1 : 0);
401 PVE::Storage::deactivate_volumes($storage_cfg, PVE::LXC::Config->get_vm_volumes($conf));
402 die $err if $err;
403 # set some defaults
404 $conf->{hostname} ||= "CT$vmid";
405 $conf->{memory} ||= 512;
406 $conf->{swap} //= 512;
407 foreach my $mp (keys %$delayed_mp_param) {
408 $conf->{$mp} = $delayed_mp_param->{$mp};
409 }
410 PVE::LXC::Config->write_config($vmid, $conf);
411 };
412 if (my $err = $@) {
413 PVE::LXC::destroy_disks($storage_cfg, $vollist);
414 PVE::LXC::destroy_config($vmid);
415 die $err;
416 }
417 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
418 };
419
420 my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
421
422 &$check_vmid_usage(); # first check before locking
423
424 return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate',
425 $vmid, $authuser, $realcmd);
426
427 }});
428
429 __PACKAGE__->register_method({
430 name => 'vmdiridx',
431 path => '{vmid}',
432 method => 'GET',
433 proxyto => 'node',
434 description => "Directory index",
435 permissions => {
436 user => 'all',
437 },
438 parameters => {
439 additionalProperties => 0,
440 properties => {
441 node => get_standard_option('pve-node'),
442 vmid => get_standard_option('pve-vmid'),
443 },
444 },
445 returns => {
446 type => 'array',
447 items => {
448 type => "object",
449 properties => {
450 subdir => { type => 'string' },
451 },
452 },
453 links => [ { rel => 'child', href => "{subdir}" } ],
454 },
455 code => sub {
456 my ($param) = @_;
457
458 # test if VM exists
459 my $conf = PVE::LXC::Config->load_config($param->{vmid});
460
461 my $res = [
462 { subdir => 'config' },
463 { subdir => 'status' },
464 { subdir => 'vncproxy' },
465 { subdir => 'vncwebsocket' },
466 { subdir => 'spiceproxy' },
467 { subdir => 'migrate' },
468 { subdir => 'clone' },
469 # { subdir => 'initlog' },
470 { subdir => 'rrd' },
471 { subdir => 'rrddata' },
472 { subdir => 'firewall' },
473 { subdir => 'snapshot' },
474 { subdir => 'resize' },
475 ];
476
477 return $res;
478 }});
479
480
481 __PACKAGE__->register_method({
482 name => 'rrd',
483 path => '{vmid}/rrd',
484 method => 'GET',
485 protected => 1, # fixme: can we avoid that?
486 permissions => {
487 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
488 },
489 description => "Read VM RRD statistics (returns PNG)",
490 parameters => {
491 additionalProperties => 0,
492 properties => {
493 node => get_standard_option('pve-node'),
494 vmid => get_standard_option('pve-vmid'),
495 timeframe => {
496 description => "Specify the time frame you are interested in.",
497 type => 'string',
498 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
499 },
500 ds => {
501 description => "The list of datasources you want to display.",
502 type => 'string', format => 'pve-configid-list',
503 },
504 cf => {
505 description => "The RRD consolidation function",
506 type => 'string',
507 enum => [ 'AVERAGE', 'MAX' ],
508 optional => 1,
509 },
510 },
511 },
512 returns => {
513 type => "object",
514 properties => {
515 filename => { type => 'string' },
516 },
517 },
518 code => sub {
519 my ($param) = @_;
520
521 return PVE::Cluster::create_rrd_graph(
522 "pve2-vm/$param->{vmid}", $param->{timeframe},
523 $param->{ds}, $param->{cf});
524
525 }});
526
527 __PACKAGE__->register_method({
528 name => 'rrddata',
529 path => '{vmid}/rrddata',
530 method => 'GET',
531 protected => 1, # fixme: can we avoid that?
532 permissions => {
533 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
534 },
535 description => "Read VM RRD statistics",
536 parameters => {
537 additionalProperties => 0,
538 properties => {
539 node => get_standard_option('pve-node'),
540 vmid => get_standard_option('pve-vmid'),
541 timeframe => {
542 description => "Specify the time frame you are interested in.",
543 type => 'string',
544 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
545 },
546 cf => {
547 description => "The RRD consolidation function",
548 type => 'string',
549 enum => [ 'AVERAGE', 'MAX' ],
550 optional => 1,
551 },
552 },
553 },
554 returns => {
555 type => "array",
556 items => {
557 type => "object",
558 properties => {},
559 },
560 },
561 code => sub {
562 my ($param) = @_;
563
564 return PVE::Cluster::create_rrd_data(
565 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
566 }});
567
568 __PACKAGE__->register_method({
569 name => 'destroy_vm',
570 path => '{vmid}',
571 method => 'DELETE',
572 protected => 1,
573 proxyto => 'node',
574 description => "Destroy the container (also delete all uses files).",
575 permissions => {
576 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
577 },
578 parameters => {
579 additionalProperties => 0,
580 properties => {
581 node => get_standard_option('pve-node'),
582 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
583 },
584 },
585 returns => {
586 type => 'string',
587 },
588 code => sub {
589 my ($param) = @_;
590
591 my $rpcenv = PVE::RPCEnvironment::get();
592
593 my $authuser = $rpcenv->get_user();
594
595 my $vmid = $param->{vmid};
596
597 # test if container exists
598 my $conf = PVE::LXC::Config->load_config($vmid);
599
600 my $storage_cfg = cfs_read_file("storage.cfg");
601
602 PVE::LXC::Config->check_protection($conf, "can't remove CT $vmid");
603
604 die "unable to remove CT $vmid - used in HA resources\n"
605 if PVE::HA::Config::vm_is_ha_managed($vmid);
606
607 # do not allow destroy if there are replication jobs
608 my $repl_conf = PVE::ReplicationConfig->new();
609 $repl_conf->check_for_existing_jobs($vmid);
610
611 my $running_error_msg = "unable to destroy CT $vmid - container is running\n";
612
613 die $running_error_msg if PVE::LXC::check_running($vmid); # check early
614
615 my $code = sub {
616 # reload config after lock
617 $conf = PVE::LXC::Config->load_config($vmid);
618 PVE::LXC::Config->check_lock($conf);
619
620 die $running_error_msg if PVE::LXC::check_running($vmid);
621
622 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
623 PVE::AccessControl::remove_vm_access($vmid);
624 PVE::Firewall::remove_vmfw_conf($vmid);
625 };
626
627 my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
628
629 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
630 }});
631
632 my $sslcert;
633
634 __PACKAGE__->register_method ({
635 name => 'vncproxy',
636 path => '{vmid}/vncproxy',
637 method => 'POST',
638 protected => 1,
639 permissions => {
640 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
641 },
642 description => "Creates a TCP VNC proxy connections.",
643 parameters => {
644 additionalProperties => 0,
645 properties => {
646 node => get_standard_option('pve-node'),
647 vmid => get_standard_option('pve-vmid'),
648 websocket => {
649 optional => 1,
650 type => 'boolean',
651 description => "use websocket instead of standard VNC.",
652 },
653 },
654 },
655 returns => {
656 additionalProperties => 0,
657 properties => {
658 user => { type => 'string' },
659 ticket => { type => 'string' },
660 cert => { type => 'string' },
661 port => { type => 'integer' },
662 upid => { type => 'string' },
663 },
664 },
665 code => sub {
666 my ($param) = @_;
667
668 my $rpcenv = PVE::RPCEnvironment::get();
669
670 my $authuser = $rpcenv->get_user();
671
672 my $vmid = $param->{vmid};
673 my $node = $param->{node};
674
675 my $authpath = "/vms/$vmid";
676
677 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
678
679 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
680 if !$sslcert;
681
682 my ($remip, $family);
683
684 if ($node ne PVE::INotify::nodename()) {
685 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
686 } else {
687 $family = PVE::Tools::get_host_address_family($node);
688 }
689
690 my $port = PVE::Tools::next_vnc_port($family);
691
692 # NOTE: vncterm VNC traffic is already TLS encrypted,
693 # so we select the fastest chipher here (or 'none'?)
694 my $remcmd = $remip ?
695 ['/usr/bin/ssh', '-t', $remip] : [];
696
697 my $conf = PVE::LXC::Config->load_config($vmid, $node);
698 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
699
700 my $shcmd = [ '/usr/bin/dtach', '-A',
701 "/var/run/dtach/vzctlconsole$vmid",
702 '-r', 'winch', '-z', @$concmd];
703
704 my $realcmd = sub {
705 my $upid = shift;
706
707 syslog ('info', "starting lxc vnc proxy $upid\n");
708
709 my $timeout = 10;
710
711 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
712 '-timeout', $timeout, '-authpath', $authpath,
713 '-perm', 'VM.Console'];
714
715 if ($param->{websocket}) {
716 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
717 push @$cmd, '-notls', '-listen', 'localhost';
718 }
719
720 push @$cmd, '-c', @$remcmd, @$shcmd;
721
722 run_command($cmd, keeplocale => 1);
723
724 return;
725 };
726
727 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
728
729 PVE::Tools::wait_for_vnc_port($port);
730
731 return {
732 user => $authuser,
733 ticket => $ticket,
734 port => $port,
735 upid => $upid,
736 cert => $sslcert,
737 };
738 }});
739
740 __PACKAGE__->register_method({
741 name => 'vncwebsocket',
742 path => '{vmid}/vncwebsocket',
743 method => 'GET',
744 permissions => {
745 description => "You also need to pass a valid ticket (vncticket).",
746 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
747 },
748 description => "Opens a weksocket for VNC traffic.",
749 parameters => {
750 additionalProperties => 0,
751 properties => {
752 node => get_standard_option('pve-node'),
753 vmid => get_standard_option('pve-vmid'),
754 vncticket => {
755 description => "Ticket from previous call to vncproxy.",
756 type => 'string',
757 maxLength => 512,
758 },
759 port => {
760 description => "Port number returned by previous vncproxy call.",
761 type => 'integer',
762 minimum => 5900,
763 maximum => 5999,
764 },
765 },
766 },
767 returns => {
768 type => "object",
769 properties => {
770 port => { type => 'string' },
771 },
772 },
773 code => sub {
774 my ($param) = @_;
775
776 my $rpcenv = PVE::RPCEnvironment::get();
777
778 my $authuser = $rpcenv->get_user();
779
780 my $authpath = "/vms/$param->{vmid}";
781
782 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
783
784 my $port = $param->{port};
785
786 return { port => $port };
787 }});
788
789 __PACKAGE__->register_method ({
790 name => 'spiceproxy',
791 path => '{vmid}/spiceproxy',
792 method => 'POST',
793 protected => 1,
794 proxyto => 'node',
795 permissions => {
796 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
797 },
798 description => "Returns a SPICE configuration to connect to the CT.",
799 parameters => {
800 additionalProperties => 0,
801 properties => {
802 node => get_standard_option('pve-node'),
803 vmid => get_standard_option('pve-vmid'),
804 proxy => get_standard_option('spice-proxy', { optional => 1 }),
805 },
806 },
807 returns => get_standard_option('remote-viewer-config'),
808 code => sub {
809 my ($param) = @_;
810
811 my $vmid = $param->{vmid};
812 my $node = $param->{node};
813 my $proxy = $param->{proxy};
814
815 my $authpath = "/vms/$vmid";
816 my $permissions = 'VM.Console';
817
818 my $conf = PVE::LXC::Config->load_config($vmid);
819
820 die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
821
822 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
823
824 my $shcmd = ['/usr/bin/dtach', '-A',
825 "/var/run/dtach/vzctlconsole$vmid",
826 '-r', 'winch', '-z', @$concmd];
827
828 my $title = "CT $vmid";
829
830 return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
831 }});
832
833
834 __PACKAGE__->register_method({
835 name => 'migrate_vm',
836 path => '{vmid}/migrate',
837 method => 'POST',
838 protected => 1,
839 proxyto => 'node',
840 description => "Migrate the container to another node. Creates a new migration task.",
841 permissions => {
842 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
843 },
844 parameters => {
845 additionalProperties => 0,
846 properties => {
847 node => get_standard_option('pve-node'),
848 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
849 target => get_standard_option('pve-node', {
850 description => "Target node.",
851 completion => \&PVE::Cluster::complete_migration_target,
852 }),
853 online => {
854 type => 'boolean',
855 description => "Use online/live migration.",
856 optional => 1,
857 },
858 restart => {
859 type => 'boolean',
860 description => "Use restart migration",
861 optional => 1,
862 },
863 timeout => {
864 type => 'integer',
865 description => "Timeout in seconds for shutdown for restart migration",
866 optional => 1,
867 default => 180,
868 },
869 force => {
870 type => 'boolean',
871 description => "Force migration despite local bind / device" .
872 " mounts. NOTE: deprecated, use 'shared' property of mount point instead.",
873 optional => 1,
874 },
875 },
876 },
877 returns => {
878 type => 'string',
879 description => "the task ID.",
880 },
881 code => sub {
882 my ($param) = @_;
883
884 my $rpcenv = PVE::RPCEnvironment::get();
885
886 my $authuser = $rpcenv->get_user();
887
888 my $target = extract_param($param, 'target');
889
890 my $localnode = PVE::INotify::nodename();
891 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
892
893 PVE::Cluster::check_cfs_quorum();
894
895 PVE::Cluster::check_node_exists($target);
896
897 my $targetip = PVE::Cluster::remote_node_ip($target);
898
899 my $vmid = extract_param($param, 'vmid');
900
901 # test if VM exists
902 PVE::LXC::Config->load_config($vmid);
903
904 # try to detect errors early
905 if (PVE::LXC::check_running($vmid)) {
906 die "can't migrate running container without --online or --restart\n"
907 if !$param->{online} && !$param->{restart};
908 }
909
910 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
911
912 my $hacmd = sub {
913 my $upid = shift;
914
915 my $service = "ct:$vmid";
916
917 my $cmd = ['ha-manager', 'migrate', $service, $target];
918
919 print "Executing HA migrate for CT $vmid to node $target\n";
920
921 PVE::Tools::run_command($cmd);
922
923 return;
924 };
925
926 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
927
928 } else {
929
930 my $realcmd = sub {
931 my $upid = shift;
932
933 PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param);
934
935 return;
936 };
937
938 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $realcmd);
939 }
940 }});
941
942 __PACKAGE__->register_method({
943 name => 'vm_feature',
944 path => '{vmid}/feature',
945 method => 'GET',
946 proxyto => 'node',
947 protected => 1,
948 description => "Check if feature for virtual machine is available.",
949 permissions => {
950 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
951 },
952 parameters => {
953 additionalProperties => 0,
954 properties => {
955 node => get_standard_option('pve-node'),
956 vmid => get_standard_option('pve-vmid'),
957 feature => {
958 description => "Feature to check.",
959 type => 'string',
960 enum => [ 'snapshot' ],
961 },
962 snapname => get_standard_option('pve-lxc-snapshot-name', {
963 optional => 1,
964 }),
965 },
966 },
967 returns => {
968 type => "object",
969 properties => {
970 hasFeature => { type => 'boolean' },
971 #nodes => {
972 #type => 'array',
973 #items => { type => 'string' },
974 #}
975 },
976 },
977 code => sub {
978 my ($param) = @_;
979
980 my $node = extract_param($param, 'node');
981
982 my $vmid = extract_param($param, 'vmid');
983
984 my $snapname = extract_param($param, 'snapname');
985
986 my $feature = extract_param($param, 'feature');
987
988 my $conf = PVE::LXC::Config->load_config($vmid);
989
990 if($snapname){
991 my $snap = $conf->{snapshots}->{$snapname};
992 die "snapshot '$snapname' does not exist\n" if !defined($snap);
993 $conf = $snap;
994 }
995 my $storage_cfg = PVE::Storage::config();
996 #Maybe include later
997 #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg);
998 my $hasFeature = PVE::LXC::Config->has_feature($feature, $conf, $storage_cfg, $snapname);
999
1000 return {
1001 hasFeature => $hasFeature,
1002 #nodes => [ keys %$nodelist ],
1003 };
1004 }});
1005
1006 __PACKAGE__->register_method({
1007 name => 'template',
1008 path => '{vmid}/template',
1009 method => 'POST',
1010 protected => 1,
1011 proxyto => 'node',
1012 description => "Create a Template.",
1013 permissions => {
1014 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
1015 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1016 },
1017 parameters => {
1018 additionalProperties => 0,
1019 properties => {
1020 node => get_standard_option('pve-node'),
1021 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
1022 experimental => {
1023 type => 'boolean',
1024 description => "The template feature is experimental, set this " .
1025 "flag if you know what you are doing.",
1026 default => 0,
1027 },
1028 },
1029 },
1030 returns => { type => 'null'},
1031 code => sub {
1032 my ($param) = @_;
1033
1034 my $rpcenv = PVE::RPCEnvironment::get();
1035
1036 my $authuser = $rpcenv->get_user();
1037
1038 my $node = extract_param($param, 'node');
1039
1040 my $vmid = extract_param($param, 'vmid');
1041
1042 my $updatefn = sub {
1043
1044 my $conf = PVE::LXC::Config->load_config($vmid);
1045 PVE::LXC::Config->check_lock($conf);
1046
1047 die "unable to create template, because CT contains snapshots\n"
1048 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
1049
1050 die "you can't convert a template to a template\n"
1051 if PVE::LXC::Config->is_template($conf);
1052
1053 die "you can't convert a CT to template if the CT is running\n"
1054 if PVE::LXC::check_running($vmid);
1055
1056 my $realcmd = sub {
1057 PVE::LXC::template_create($vmid, $conf);
1058 };
1059
1060 $conf->{template} = 1;
1061
1062 PVE::LXC::Config->write_config($vmid, $conf);
1063 # and remove lxc config
1064 PVE::LXC::update_lxc_config($vmid, $conf);
1065
1066 return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd);
1067 };
1068
1069 PVE::LXC::Config->lock_config($vmid, $updatefn);
1070
1071 return undef;
1072 }});
1073
1074 __PACKAGE__->register_method({
1075 name => 'clone_vm',
1076 path => '{vmid}/clone',
1077 method => 'POST',
1078 protected => 1,
1079 proxyto => 'node',
1080 description => "Create a container clone/copy",
1081 permissions => {
1082 description => "You need 'VM.Clone' permissions on /vms/{vmid}, " .
1083 "and 'VM.Allocate' permissions " .
1084 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
1085 "'Datastore.AllocateSpace' on any used storage.",
1086 check =>
1087 [ 'and',
1088 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
1089 [ 'or',
1090 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
1091 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
1092 ],
1093 ]
1094 },
1095 parameters => {
1096 additionalProperties => 0,
1097 properties => {
1098 node => get_standard_option('pve-node'),
1099 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1100 newid => get_standard_option('pve-vmid', {
1101 completion => \&PVE::Cluster::complete_next_vmid,
1102 description => 'VMID for the clone.' }),
1103 hostname => {
1104 optional => 1,
1105 type => 'string', format => 'dns-name',
1106 description => "Set a hostname for the new CT.",
1107 },
1108 description => {
1109 optional => 1,
1110 type => 'string',
1111 description => "Description for the new CT.",
1112 },
1113 pool => {
1114 optional => 1,
1115 type => 'string', format => 'pve-poolid',
1116 description => "Add the new CT to the specified pool.",
1117 },
1118 snapname => get_standard_option('pve-lxc-snapshot-name', {
1119 optional => 1,
1120 }),
1121 storage => get_standard_option('pve-storage-id', {
1122 description => "Target storage for full clone.",
1123 requires => 'full',
1124 optional => 1,
1125 }),
1126 full => {
1127 optional => 1,
1128 type => 'boolean',
1129 description => "Create a full copy of all disk. This is always done when " .
1130 "you clone a normal CT. For CT templates, we try to create a linked clone by default.",
1131 default => 0,
1132 },
1133 experimental => {
1134 type => 'boolean',
1135 description => "The clone feature is experimental, set this " .
1136 "flag if you know what you are doing.",
1137 default => 0,
1138 },
1139 # target => get_standard_option('pve-node', {
1140 # description => "Target node. Only allowed if the original VM is on shared storage.",
1141 # optional => 1,
1142 # }),
1143 },
1144 },
1145 returns => {
1146 type => 'string',
1147 },
1148 code => sub {
1149 my ($param) = @_;
1150
1151 my $rpcenv = PVE::RPCEnvironment::get();
1152
1153 my $authuser = $rpcenv->get_user();
1154
1155 my $node = extract_param($param, 'node');
1156
1157 my $vmid = extract_param($param, 'vmid');
1158
1159 my $newid = extract_param($param, 'newid');
1160
1161 my $pool = extract_param($param, 'pool');
1162
1163 if (defined($pool)) {
1164 $rpcenv->check_pool_exist($pool);
1165 }
1166
1167 my $snapname = extract_param($param, 'snapname');
1168
1169 my $storage = extract_param($param, 'storage');
1170
1171 my $localnode = PVE::INotify::nodename();
1172
1173 my $storecfg = PVE::Storage::config();
1174
1175 if ($storage) {
1176 # check if storage is enabled on local node
1177 PVE::Storage::storage_check_enabled($storecfg, $storage);
1178 }
1179
1180 PVE::Cluster::check_cfs_quorum();
1181
1182 my $running = PVE::LXC::check_running($vmid) || 0;
1183
1184 my $clonefn = sub {
1185
1186 # do all tests after lock
1187 # we also try to do all tests before we fork the worker
1188 my $conf = PVE::LXC::Config->load_config($vmid);
1189
1190 PVE::LXC::Config->check_lock($conf);
1191
1192 my $verify_running = PVE::LXC::check_running($vmid) || 0;
1193
1194 die "unexpected state change\n" if $verify_running != $running;
1195
1196 die "snapshot '$snapname' does not exist\n"
1197 if $snapname && !defined( $conf->{snapshots}->{$snapname});
1198
1199 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
1200
1201 my $conffile = PVE::LXC::Config->config_file($newid);
1202 die "unable to create CT $newid: config file already exists\n"
1203 if -f $conffile;
1204
1205 my $newconf = { lock => 'clone' };
1206 my $mountpoints = {};
1207 my $fullclone = {};
1208 my $vollist = [];
1209
1210 foreach my $opt (keys %$oldconf) {
1211 my $value = $oldconf->{$opt};
1212
1213 # no need to copy unused images, because VMID(owner) changes anyways
1214 next if $opt =~ m/^unused\d+$/;
1215
1216 if (($opt eq 'rootfs') || ($opt =~ m/^mp\d+$/)) {
1217 my $mp = $opt eq 'rootfs' ?
1218 PVE::LXC::Config->parse_ct_rootfs($value) :
1219 PVE::LXC::Config->parse_ct_mountpoint($value);
1220
1221 if ($mp->{type} eq 'volume') {
1222 my $volid = $mp->{volume};
1223 if ($param->{full}) {
1224 die "fixme: full clone not implemented";
1225
1226 die "Full clone feature for '$volid' is not available\n"
1227 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $volid, $snapname, $running);
1228 $fullclone->{$opt} = 1;
1229 } else {
1230 # not full means clone instead of copy
1231 die "Linked clone feature for '$volid' is not available\n"
1232 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $volid, $snapname, $running);
1233 }
1234
1235 $mountpoints->{$opt} = $mp;
1236 push @$vollist, $volid;
1237
1238 } else {
1239 # TODO: allow bind mounts?
1240 die "unable to clone mountpint '$opt' (type $mp->{type})\n";
1241 }
1242
1243 } else {
1244 # copy everything else
1245 $newconf->{$opt} = $value;
1246 }
1247 }
1248
1249 delete $newconf->{template};
1250 if ($param->{hostname}) {
1251 $newconf->{hostname} = $param->{hostname};
1252 }
1253
1254 if ($param->{description}) {
1255 $newconf->{description} = $param->{description};
1256 }
1257
1258 # create empty/temp config - this fails if CT already exists on other node
1259 PVE::Tools::file_set_contents($conffile, "# ctclone temporary file\nlock: clone\n");
1260
1261 my $realcmd = sub {
1262 my $upid = shift;
1263
1264 my $newvollist = [];
1265
1266 eval {
1267 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
1268
1269 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
1270
1271 foreach my $opt (keys %$mountpoints) {
1272 my $mp = $mountpoints->{$opt};
1273 my $volid = $mp->{volume};
1274
1275 if ($fullclone->{$opt}) {
1276 die "fixme: full clone not implemented\n";
1277 } else {
1278 print "create linked clone of mount point $opt ($volid)\n";
1279 my $newvolid = PVE::Storage::vdisk_clone($storecfg, $volid, $newid, $snapname);
1280 push @$newvollist, $newvolid;
1281 $mp->{volume} = $newvolid;
1282
1283 $newconf->{$opt} = PVE::LXC::Config->print_ct_mountpoint($mp, $opt eq 'rootfs');
1284 PVE::LXC::Config->write_config($newid, $newconf);
1285 }
1286 }
1287
1288 delete $newconf->{lock};
1289 PVE::LXC::Config->write_config($newid, $newconf);
1290
1291 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
1292 };
1293 if (my $err = $@) {
1294 unlink $conffile;
1295
1296 sleep 1; # some storage like rbd need to wait before release volume - really?
1297
1298 foreach my $volid (@$newvollist) {
1299 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
1300 warn $@ if $@;
1301 }
1302 die "clone failed: $err";
1303 }
1304
1305 return;
1306 };
1307
1308 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
1309
1310 return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);
1311
1312 };
1313
1314 return PVE::LXC::Config->lock_config($vmid, $clonefn);
1315 }});
1316
1317
1318 __PACKAGE__->register_method({
1319 name => 'resize_vm',
1320 path => '{vmid}/resize',
1321 method => 'PUT',
1322 protected => 1,
1323 proxyto => 'node',
1324 description => "Resize a container mount point.",
1325 permissions => {
1326 check => ['perm', '/vms/{vmid}', ['VM.Config.Disk'], any => 1],
1327 },
1328 parameters => {
1329 additionalProperties => 0,
1330 properties => {
1331 node => get_standard_option('pve-node'),
1332 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1333 disk => {
1334 type => 'string',
1335 description => "The disk you want to resize.",
1336 enum => [PVE::LXC::Config->mountpoint_names()],
1337 },
1338 size => {
1339 type => 'string',
1340 pattern => '\+?\d+(\.\d+)?[KMGT]?',
1341 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
1342 },
1343 digest => {
1344 type => 'string',
1345 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1346 maxLength => 40,
1347 optional => 1,
1348 }
1349 },
1350 },
1351 returns => {
1352 type => 'string',
1353 description => "the task ID.",
1354 },
1355 code => sub {
1356 my ($param) = @_;
1357
1358 my $rpcenv = PVE::RPCEnvironment::get();
1359
1360 my $authuser = $rpcenv->get_user();
1361
1362 my $node = extract_param($param, 'node');
1363
1364 my $vmid = extract_param($param, 'vmid');
1365
1366 my $digest = extract_param($param, 'digest');
1367
1368 my $sizestr = extract_param($param, 'size');
1369 my $ext = ($sizestr =~ s/^\+//);
1370 my $newsize = PVE::JSONSchema::parse_size($sizestr);
1371 die "invalid size string" if !defined($newsize);
1372
1373 die "no options specified\n" if !scalar(keys %$param);
1374
1375 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, $param, []);
1376
1377 my $storage_cfg = cfs_read_file("storage.cfg");
1378
1379 my $code = sub {
1380
1381 my $conf = PVE::LXC::Config->load_config($vmid);
1382 PVE::LXC::Config->check_lock($conf);
1383
1384 PVE::Tools::assert_if_modified($digest, $conf->{digest});
1385
1386 my $running = PVE::LXC::check_running($vmid);
1387
1388 my $disk = $param->{disk};
1389 my $mp = $disk eq 'rootfs' ? PVE::LXC::Config->parse_ct_rootfs($conf->{$disk}) :
1390 PVE::LXC::Config->parse_ct_mountpoint($conf->{$disk});
1391
1392 my $volid = $mp->{volume};
1393
1394 my (undef, undef, $owner, undef, undef, undef, $format) =
1395 PVE::Storage::parse_volname($storage_cfg, $volid);
1396
1397 die "can't resize mount point owned by another container ($owner)"
1398 if $vmid != $owner;
1399
1400 die "can't resize volume: $disk if snapshot exists\n"
1401 if %{$conf->{snapshots}} && $format eq 'qcow2';
1402
1403 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
1404
1405 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
1406
1407 PVE::Storage::activate_volumes($storage_cfg, [$volid]);
1408
1409 my $size = PVE::Storage::volume_size_info($storage_cfg, $volid, 5);
1410 $newsize += $size if $ext;
1411 $newsize = int($newsize);
1412
1413 die "unable to shrink disk size\n" if $newsize < $size;
1414
1415 return if $size == $newsize;
1416
1417 PVE::Cluster::log_msg('info', $authuser, "update CT $vmid: resize --disk $disk --size $sizestr");
1418 my $realcmd = sub {
1419 # Note: PVE::Storage::volume_resize doesn't do anything if $running=1, so
1420 # we pass 0 here (parameter only makes sense for qemu)
1421 PVE::Storage::volume_resize($storage_cfg, $volid, $newsize, 0);
1422
1423 $mp->{size} = $newsize;
1424 $conf->{$disk} = PVE::LXC::Config->print_ct_mountpoint($mp, $disk eq 'rootfs');
1425
1426 PVE::LXC::Config->write_config($vmid, $conf);
1427
1428 if ($format eq 'raw') {
1429 my $path = PVE::Storage::path($storage_cfg, $volid, undef);
1430 if ($running) {
1431
1432 $mp->{mp} = '/';
1433 my $use_loopdev = (PVE::LXC::mountpoint_mount_path($mp, $storage_cfg))[1];
1434 $path = PVE::LXC::query_loopdev($path) if $use_loopdev;
1435 die "internal error: CT running but mount point not attached to a loop device"
1436 if !$path;
1437 PVE::Tools::run_command(['losetup', '--set-capacity', $path]) if $use_loopdev;
1438
1439 # In order for resize2fs to know that we need online-resizing a mountpoint needs
1440 # to be visible to it in its namespace.
1441 # To not interfere with the rest of the system we unshare the current mount namespace,
1442 # mount over /tmp and then run resize2fs.
1443
1444 # interestingly we don't need to e2fsck on mounted systems...
1445 my $quoted = PVE::Tools::shellquote($path);
1446 my $cmd = "mount --make-rprivate / && mount $quoted /tmp && resize2fs $quoted";
1447 eval {
1448 PVE::Tools::run_command(['unshare', '-m', '--', 'sh', '-c', $cmd]);
1449 };
1450 warn "Failed to update the container's filesystem: $@\n" if $@;
1451 } else {
1452 eval {
1453 PVE::Tools::run_command(['e2fsck', '-f', '-y', $path]);
1454 PVE::Tools::run_command(['resize2fs', $path]);
1455 };
1456 warn "Failed to update the container's filesystem: $@\n" if $@;
1457 }
1458 }
1459 };
1460
1461 return $rpcenv->fork_worker('resize', $vmid, $authuser, $realcmd);
1462 };
1463
1464 return PVE::LXC::Config->lock_config($vmid, $code);;
1465 }});
1466
1467 1;
PVE Container Toolkit