]> git.proxmox.com Git - pve-container.git/blob - src/PVE/API2/LXC.pm
projects / pve-container.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vmlist: document return properties
[pve-container.git] / src / PVE / API2 / LXC.pm
1 package PVE::API2::LXC;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param run_command);
8 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
9 use PVE::INotify;
10 use PVE::Cluster qw(cfs_read_file);
11 use PVE::AccessControl;
12 use PVE::Firewall;
13 use PVE::Storage;
14 use PVE::RESTHandler;
15 use PVE::RPCEnvironment;
16 use PVE::ReplicationConfig;
17 use PVE::LXC;
18 use PVE::LXC::Create;
19 use PVE::LXC::Migrate;
20 use PVE::GuestHelpers;
21 use PVE::API2::LXC::Config;
22 use PVE::API2::LXC::Status;
23 use PVE::API2::LXC::Snapshot;
24 use PVE::JSONSchema qw(get_standard_option);
25 use base qw(PVE::RESTHandler);
26
27 BEGIN {
28 if (!$ENV{PVE_GENERATING_DOCS}) {
29 require PVE::HA::Env::PVE2;
30 import PVE::HA::Env::PVE2;
31 require PVE::HA::Config;
32 import PVE::HA::Config;
33 }
34 }
35
36 __PACKAGE__->register_method ({
37 subclass => "PVE::API2::LXC::Config",
38 path => '{vmid}/config',
39 });
40
41 __PACKAGE__->register_method ({
42 subclass => "PVE::API2::LXC::Status",
43 path => '{vmid}/status',
44 });
45
46 __PACKAGE__->register_method ({
47 subclass => "PVE::API2::LXC::Snapshot",
48 path => '{vmid}/snapshot',
49 });
50
51 __PACKAGE__->register_method ({
52 subclass => "PVE::API2::Firewall::CT",
53 path => '{vmid}/firewall',
54 });
55
56 __PACKAGE__->register_method({
57 name => 'vmlist',
58 path => '',
59 method => 'GET',
60 description => "LXC container index (per node).",
61 permissions => {
62 description => "Only list CTs where you have VM.Audit permissons on /vms/<vmid>.",
63 user => 'all',
64 },
65 proxyto => 'node',
66 protected => 1, # /proc files are only readable by root
67 parameters => {
68 additionalProperties => 0,
69 properties => {
70 node => get_standard_option('pve-node'),
71 },
72 },
73 returns => {
74 type => 'array',
75 items => {
76 type => "object",
77 properties => {
78 vmid => get_standard_option('pve-vmid'),
79 status => {
80 description => "LXC Container status.",
81 type => 'string',
82 enum => ['stopped', 'running'],
83 },
84 maxmem => {
85 description => "Maximum memory in bytes.",
86 type => 'integer',
87 optional => 1,
88 renderer => 'bytes',
89 },
90 maxswap => {
91 description => "Maximum SWAP memory in bytes.",
92 type => 'integer',
93 optional => 1,
94 renderer => 'bytes',
95 },
96 maxdisk => {
97 description => "Root disk size in bytes.",
98 type => 'integer',
99 optional => 1,
100 renderer => 'bytes',
101 },
102 name => {
103 description => "Container name.",
104 type => 'string',
105 optional => 1,
106 },
107 uptime => {
108 description => "Uptime.",
109 type => 'integer',
110 optional => 1,
111 renderer => 'duration',
112 },
113 cpus => {
114 description => "Maximum usable CPUs.",
115 type => 'number',
116 optional => 1,
117 },
118 },
119 },
120 links => [ { rel => 'child', href => "{vmid}" } ],
121 },
122 code => sub {
123 my ($param) = @_;
124
125 my $rpcenv = PVE::RPCEnvironment::get();
126 my $authuser = $rpcenv->get_user();
127
128 my $vmstatus = PVE::LXC::vmstatus();
129
130 my $res = [];
131 foreach my $vmid (keys %$vmstatus) {
132 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
133
134 my $data = $vmstatus->{$vmid};
135 $data->{vmid} = $vmid;
136 push @$res, $data;
137 }
138
139 return $res;
140
141 }});
142
143 __PACKAGE__->register_method({
144 name => 'create_vm',
145 path => '',
146 method => 'POST',
147 description => "Create or restore a container.",
148 permissions => {
149 user => 'all', # check inside
150 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
151 "For restore, it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
152 "You also need 'Datastore.AllocateSpace' permissions on the storage.",
153 },
154 protected => 1,
155 proxyto => 'node',
156 parameters => {
157 additionalProperties => 0,
158 properties => PVE::LXC::Config->json_config_properties({
159 node => get_standard_option('pve-node'),
160 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
161 ostemplate => {
162 description => "The OS template or backup file.",
163 type => 'string',
164 maxLength => 255,
165 completion => \&PVE::LXC::complete_os_templates,
166 },
167 password => {
168 optional => 1,
169 type => 'string',
170 description => "Sets root password inside container.",
171 minLength => 5,
172 },
173 storage => get_standard_option('pve-storage-id', {
174 description => "Default Storage.",
175 default => 'local',
176 optional => 1,
177 completion => \&PVE::Storage::complete_storage_enabled,
178 }),
179 force => {
180 optional => 1,
181 type => 'boolean',
182 description => "Allow to overwrite existing container.",
183 },
184 restore => {
185 optional => 1,
186 type => 'boolean',
187 description => "Mark this as restore task.",
188 },
189 pool => {
190 optional => 1,
191 type => 'string', format => 'pve-poolid',
192 description => "Add the VM to the specified pool.",
193 },
194 'ignore-unpack-errors' => {
195 optional => 1,
196 type => 'boolean',
197 description => "Ignore errors when extracting the template.",
198 },
199 'ssh-public-keys' => {
200 optional => 1,
201 type => 'string',
202 description => "Setup public SSH keys (one key per line, " .
203 "OpenSSH format).",
204 },
205 bwlimit => {
206 description => "Override i/o bandwidth limit (in KiB/s).",
207 optional => 1,
208 type => 'number',
209 minimum => '0',
210 },
211 start => {
212 optional => 1,
213 type => 'boolean',
214 default => 0,
215 description => "Start the CT after its creation finished successfully.",
216 },
217 }),
218 },
219 returns => {
220 type => 'string',
221 },
222 code => sub {
223 my ($param) = @_;
224
225 my $rpcenv = PVE::RPCEnvironment::get();
226
227 my $authuser = $rpcenv->get_user();
228
229 my $node = extract_param($param, 'node');
230
231 my $vmid = extract_param($param, 'vmid');
232
233 my $ignore_unpack_errors = extract_param($param, 'ignore-unpack-errors');
234
235 my $bwlimit = extract_param($param, 'bwlimit');
236
237 my $start_after_create = extract_param($param, 'start');
238
239 my $basecfg_fn = PVE::LXC::Config->config_file($vmid);
240
241 my $same_container_exists = -f $basecfg_fn;
242
243 # 'unprivileged' is read-only, so we can't pass it to update_pct_config
244 my $unprivileged = extract_param($param, 'unprivileged');
245
246 my $restore = extract_param($param, 'restore');
247
248 if ($restore) {
249 # fixme: limit allowed parameters
250
251 }
252
253 my $force = extract_param($param, 'force');
254
255 if (!($same_container_exists && $restore && $force)) {
256 PVE::Cluster::check_vmid_unused($vmid);
257 } else {
258 my $conf = PVE::LXC::Config->load_config($vmid);
259 PVE::LXC::Config->check_protection($conf, "unable to restore CT $vmid");
260 }
261
262 my $password = extract_param($param, 'password');
263
264 my $ssh_keys = extract_param($param, 'ssh-public-keys');
265 PVE::Tools::validate_ssh_public_keys($ssh_keys) if defined($ssh_keys);
266
267 my $pool = extract_param($param, 'pool');
268
269 if (defined($pool)) {
270 $rpcenv->check_pool_exist($pool);
271 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
272 }
273
274 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
275 # OK
276 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
277 # OK
278 } elsif ($restore && $force && $same_container_exists &&
279 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
280 # OK: user has VM.Backup permissions, and want to restore an existing VM
281 } else {
282 raise_perm_exc();
283 }
284
285 my $ostemplate = extract_param($param, 'ostemplate');
286 my $storage = extract_param($param, 'storage') // 'local';
287
288 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, $pool, $param, []);
289
290 my $storage_cfg = cfs_read_file("storage.cfg");
291
292
293 my $archive;
294
295 if ($ostemplate eq '-') {
296 die "pipe requires cli environment\n"
297 if $rpcenv->{type} ne 'cli';
298 die "pipe can only be used with restore tasks\n"
299 if !$restore;
300 $archive = '-';
301 die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs});
302 } else {
303 PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, $vmid, $ostemplate);
304 $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $ostemplate);
305 }
306
307 my %used_storages;
308 my $check_and_activate_storage = sub {
309 my ($sid) = @_;
310
311 my $scfg = PVE::Storage::storage_check_node($storage_cfg, $sid, $node);
312
313 raise_param_exc({ storage => "storage '$sid' does not support container directories"})
314 if !$scfg->{content}->{rootdir};
315
316 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
317
318 PVE::Storage::activate_storage($storage_cfg, $sid);
319
320 $used_storages{$sid} = 1;
321 };
322
323 my $conf = {};
324
325 my $no_disk_param = {};
326 my $mp_param = {};
327 my $storage_only_mode = 1;
328 foreach my $opt (keys %$param) {
329 my $value = $param->{$opt};
330 if ($opt eq 'rootfs' || $opt =~ m/^mp\d+$/) {
331 # allow to use simple numbers (add default storage in that case)
332 if ($value =~ m/^\d+(\.\d+)?$/) {
333 $mp_param->{$opt} = "$storage:$value";
334 } else {
335 $mp_param->{$opt} = $value;
336 }
337 $storage_only_mode = 0;
338 } elsif ($opt =~ m/^unused\d+$/) {
339 warn "ignoring '$opt', cannot create/restore with unused volume\n";
340 delete $param->{$opt};
341 } else {
342 $no_disk_param->{$opt} = $value;
343 }
344 }
345
346 die "mount points configured, but 'rootfs' not set - aborting\n"
347 if !$storage_only_mode && !defined($mp_param->{rootfs});
348
349 # check storage access, activate storage
350 my $delayed_mp_param = {};
351 PVE::LXC::Config->foreach_mountpoint($mp_param, sub {
352 my ($ms, $mountpoint) = @_;
353
354 my $volid = $mountpoint->{volume};
355 my $mp = $mountpoint->{mp};
356
357 if ($mountpoint->{type} ne 'volume') { # bind or device
358 die "Only root can pass arbitrary filesystem paths.\n"
359 if $authuser ne 'root@pam';
360 } else {
361 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
362 &$check_and_activate_storage($sid);
363 }
364 });
365
366 # check/activate default storage
367 &$check_and_activate_storage($storage) if !defined($mp_param->{rootfs});
368
369 PVE::LXC::Config->update_pct_config($vmid, $conf, 0, $no_disk_param);
370
371 $conf->{unprivileged} = 1 if $unprivileged;
372
373 my $check_vmid_usage = sub {
374 if ($force) {
375 die "can't overwrite running container\n"
376 if PVE::LXC::check_running($vmid);
377 } else {
378 PVE::Cluster::check_vmid_unused($vmid);
379 }
380 };
381
382 my $code = sub {
383 &$check_vmid_usage(); # final check after locking
384 my $old_conf;
385
386 my $config_fn = PVE::LXC::Config->config_file($vmid);
387 if (-f $config_fn) {
388 die "container exists" if !$restore; # just to be sure
389 $old_conf = PVE::LXC::Config->load_config($vmid);
390 } else {
391 eval {
392 # try to create empty config on local node, we have an flock
393 PVE::LXC::Config->write_config($vmid, {});
394 };
395
396 # another node was faster, abort
397 die "Could not reserve ID $vmid, already taken\n" if $@;
398 }
399
400 PVE::Cluster::check_cfs_quorum();
401 my $vollist = [];
402
403 eval {
404 if ($storage_only_mode) {
405 if ($restore) {
406 (undef, $mp_param) = PVE::LXC::Create::recover_config($archive);
407 die "rootfs configuration could not be recovered, please check and specify manually!\n"
408 if !defined($mp_param->{rootfs});
409 PVE::LXC::Config->foreach_mountpoint($mp_param, sub {
410 my ($ms, $mountpoint) = @_;
411 my $type = $mountpoint->{type};
412 if ($type eq 'volume') {
413 die "unable to detect disk size - please specify $ms (size)\n"
414 if !defined($mountpoint->{size});
415 my $disksize = $mountpoint->{size} / (1024 * 1024 * 1024); # create_disks expects GB as unit size
416 delete $mountpoint->{size};
417 $mountpoint->{volume} = "$storage:$disksize";
418 $mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs');
419 } else {
420 my $type = $mountpoint->{type};
421 die "restoring rootfs to $type mount is only possible by specifying -rootfs manually!\n"
422 if ($ms eq 'rootfs');
423 die "restoring '$ms' to $type mount is only possible for root\n"
424 if $authuser ne 'root@pam';
425
426 if ($mountpoint->{backup}) {
427 warn "WARNING - unsupported configuration!\n";
428 warn "backup was enabled for $type mount point $ms ('$mountpoint->{mp}')\n";
429 warn "mount point configuration will be restored after archive extraction!\n";
430 warn "contained files will be restored to wrong directory!\n";
431 }
432 delete $mp_param->{$ms}; # actually delay bind/dev mps
433 $delayed_mp_param->{$ms} = PVE::LXC::Config->print_ct_mountpoint($mountpoint, $ms eq 'rootfs');
434 }
435 });
436 } else {
437 $mp_param->{rootfs} = "$storage:4"; # defaults to 4GB
438 }
439 }
440
441 $vollist = PVE::LXC::create_disks($storage_cfg, $vmid, $mp_param, $conf);
442
443 if (defined($old_conf)) {
444 # destroy old container volumes
445 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $old_conf, {});
446 }
447
448 eval {
449 my $rootdir = PVE::LXC::mount_all($vmid, $storage_cfg, $conf, 1);
450 $bwlimit = PVE::Storage::get_bandwidth_limit('restore', [keys %used_storages], $bwlimit);
451 PVE::LXC::Create::restore_archive($archive, $rootdir, $conf, $ignore_unpack_errors, $bwlimit);
452
453 if ($restore) {
454 PVE::LXC::Create::restore_configuration($vmid, $rootdir, $conf, $authuser ne 'root@pam');
455 } else {
456 my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
457 PVE::LXC::Config->write_config($vmid, $conf); # safe config (after OS detection)
458 $lxc_setup->post_create_hook($password, $ssh_keys);
459 }
460 };
461 my $err = $@;
462 PVE::LXC::umount_all($vmid, $storage_cfg, $conf, $err ? 1 : 0);
463 PVE::Storage::deactivate_volumes($storage_cfg, PVE::LXC::Config->get_vm_volumes($conf));
464 die $err if $err;
465 # set some defaults
466 $conf->{hostname} ||= "CT$vmid";
467 $conf->{memory} ||= 512;
468 $conf->{swap} //= 512;
469 foreach my $mp (keys %$delayed_mp_param) {
470 $conf->{$mp} = $delayed_mp_param->{$mp};
471 }
472 PVE::LXC::Config->write_config($vmid, $conf);
473 };
474 if (my $err = $@) {
475 PVE::LXC::destroy_disks($storage_cfg, $vollist);
476 PVE::LXC::destroy_config($vmid);
477 die $err;
478 }
479 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
480
481 PVE::API2::LXC::Status->vm_start({ vmid => $vmid, node => $node })
482 if $start_after_create;
483 };
484
485 my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
486
487 &$check_vmid_usage(); # first check before locking
488
489 return $rpcenv->fork_worker($restore ? 'vzrestore' : 'vzcreate',
490 $vmid, $authuser, $realcmd);
491
492 }});
493
494 __PACKAGE__->register_method({
495 name => 'vmdiridx',
496 path => '{vmid}',
497 method => 'GET',
498 proxyto => 'node',
499 description => "Directory index",
500 permissions => {
501 user => 'all',
502 },
503 parameters => {
504 additionalProperties => 0,
505 properties => {
506 node => get_standard_option('pve-node'),
507 vmid => get_standard_option('pve-vmid'),
508 },
509 },
510 returns => {
511 type => 'array',
512 items => {
513 type => "object",
514 properties => {
515 subdir => { type => 'string' },
516 },
517 },
518 links => [ { rel => 'child', href => "{subdir}" } ],
519 },
520 code => sub {
521 my ($param) = @_;
522
523 # test if VM exists
524 my $conf = PVE::LXC::Config->load_config($param->{vmid});
525
526 my $res = [
527 { subdir => 'config' },
528 { subdir => 'status' },
529 { subdir => 'vncproxy' },
530 { subdir => 'termproxy' },
531 { subdir => 'vncwebsocket' },
532 { subdir => 'spiceproxy' },
533 { subdir => 'migrate' },
534 { subdir => 'clone' },
535 # { subdir => 'initlog' },
536 { subdir => 'rrd' },
537 { subdir => 'rrddata' },
538 { subdir => 'firewall' },
539 { subdir => 'snapshot' },
540 { subdir => 'resize' },
541 ];
542
543 return $res;
544 }});
545
546
547 __PACKAGE__->register_method({
548 name => 'rrd',
549 path => '{vmid}/rrd',
550 method => 'GET',
551 protected => 1, # fixme: can we avoid that?
552 permissions => {
553 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
554 },
555 description => "Read VM RRD statistics (returns PNG)",
556 parameters => {
557 additionalProperties => 0,
558 properties => {
559 node => get_standard_option('pve-node'),
560 vmid => get_standard_option('pve-vmid'),
561 timeframe => {
562 description => "Specify the time frame you are interested in.",
563 type => 'string',
564 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
565 },
566 ds => {
567 description => "The list of datasources you want to display.",
568 type => 'string', format => 'pve-configid-list',
569 },
570 cf => {
571 description => "The RRD consolidation function",
572 type => 'string',
573 enum => [ 'AVERAGE', 'MAX' ],
574 optional => 1,
575 },
576 },
577 },
578 returns => {
579 type => "object",
580 properties => {
581 filename => { type => 'string' },
582 },
583 },
584 code => sub {
585 my ($param) = @_;
586
587 return PVE::Cluster::create_rrd_graph(
588 "pve2-vm/$param->{vmid}", $param->{timeframe},
589 $param->{ds}, $param->{cf});
590
591 }});
592
593 __PACKAGE__->register_method({
594 name => 'rrddata',
595 path => '{vmid}/rrddata',
596 method => 'GET',
597 protected => 1, # fixme: can we avoid that?
598 permissions => {
599 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
600 },
601 description => "Read VM RRD statistics",
602 parameters => {
603 additionalProperties => 0,
604 properties => {
605 node => get_standard_option('pve-node'),
606 vmid => get_standard_option('pve-vmid'),
607 timeframe => {
608 description => "Specify the time frame you are interested in.",
609 type => 'string',
610 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
611 },
612 cf => {
613 description => "The RRD consolidation function",
614 type => 'string',
615 enum => [ 'AVERAGE', 'MAX' ],
616 optional => 1,
617 },
618 },
619 },
620 returns => {
621 type => "array",
622 items => {
623 type => "object",
624 properties => {},
625 },
626 },
627 code => sub {
628 my ($param) = @_;
629
630 return PVE::Cluster::create_rrd_data(
631 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
632 }});
633
634 __PACKAGE__->register_method({
635 name => 'destroy_vm',
636 path => '{vmid}',
637 method => 'DELETE',
638 protected => 1,
639 proxyto => 'node',
640 description => "Destroy the container (also delete all uses files).",
641 permissions => {
642 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
643 },
644 parameters => {
645 additionalProperties => 0,
646 properties => {
647 node => get_standard_option('pve-node'),
648 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
649 },
650 },
651 returns => {
652 type => 'string',
653 },
654 code => sub {
655 my ($param) = @_;
656
657 my $rpcenv = PVE::RPCEnvironment::get();
658
659 my $authuser = $rpcenv->get_user();
660
661 my $vmid = $param->{vmid};
662
663 # test if container exists
664 my $conf = PVE::LXC::Config->load_config($vmid);
665
666 my $storage_cfg = cfs_read_file("storage.cfg");
667
668 PVE::LXC::Config->check_protection($conf, "can't remove CT $vmid");
669
670 die "unable to remove CT $vmid - used in HA resources\n"
671 if PVE::HA::Config::vm_is_ha_managed($vmid);
672
673 # do not allow destroy if there are replication jobs
674 my $repl_conf = PVE::ReplicationConfig->new();
675 $repl_conf->check_for_existing_jobs($vmid);
676
677 my $running_error_msg = "unable to destroy CT $vmid - container is running\n";
678
679 die $running_error_msg if PVE::LXC::check_running($vmid); # check early
680
681 my $code = sub {
682 # reload config after lock
683 $conf = PVE::LXC::Config->load_config($vmid);
684 PVE::LXC::Config->check_lock($conf);
685
686 die $running_error_msg if PVE::LXC::check_running($vmid);
687
688 PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
689 PVE::AccessControl::remove_vm_access($vmid);
690 PVE::Firewall::remove_vmfw_conf($vmid);
691 };
692
693 my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
694
695 return $rpcenv->fork_worker('vzdestroy', $vmid, $authuser, $realcmd);
696 }});
697
698 my $sslcert;
699
700 __PACKAGE__->register_method ({
701 name => 'vncproxy',
702 path => '{vmid}/vncproxy',
703 method => 'POST',
704 protected => 1,
705 permissions => {
706 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
707 },
708 description => "Creates a TCP VNC proxy connections.",
709 parameters => {
710 additionalProperties => 0,
711 properties => {
712 node => get_standard_option('pve-node'),
713 vmid => get_standard_option('pve-vmid'),
714 websocket => {
715 optional => 1,
716 type => 'boolean',
717 description => "use websocket instead of standard VNC.",
718 },
719 width => {
720 optional => 1,
721 description => "sets the width of the console in pixels.",
722 type => 'integer',
723 minimum => 16,
724 maximum => 4096,
725 },
726 height => {
727 optional => 1,
728 description => "sets the height of the console in pixels.",
729 type => 'integer',
730 minimum => 16,
731 maximum => 2160,
732 },
733 },
734 },
735 returns => {
736 additionalProperties => 0,
737 properties => {
738 user => { type => 'string' },
739 ticket => { type => 'string' },
740 cert => { type => 'string' },
741 port => { type => 'integer' },
742 upid => { type => 'string' },
743 },
744 },
745 code => sub {
746 my ($param) = @_;
747
748 my $rpcenv = PVE::RPCEnvironment::get();
749
750 my $authuser = $rpcenv->get_user();
751
752 my $vmid = $param->{vmid};
753 my $node = $param->{node};
754
755 my $authpath = "/vms/$vmid";
756
757 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
758
759 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
760 if !$sslcert;
761
762 my ($remip, $family);
763
764 if ($node ne PVE::INotify::nodename()) {
765 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
766 } else {
767 $family = PVE::Tools::get_host_address_family($node);
768 }
769
770 my $port = PVE::Tools::next_vnc_port($family);
771
772 # NOTE: vncterm VNC traffic is already TLS encrypted,
773 # so we select the fastest chipher here (or 'none'?)
774 my $remcmd = $remip ?
775 ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
776
777 my $conf = PVE::LXC::Config->load_config($vmid, $node);
778 my $concmd = PVE::LXC::get_console_command($vmid, $conf, 1);
779
780 my $shcmd = [ '/usr/bin/dtach', '-A',
781 "/var/run/dtach/vzctlconsole$vmid",
782 '-r', 'winch', '-z', @$concmd];
783
784 my $realcmd = sub {
785 my $upid = shift;
786
787 syslog ('info', "starting lxc vnc proxy $upid\n");
788
789 my $timeout = 10;
790
791 my $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
792 '-timeout', $timeout, '-authpath', $authpath,
793 '-perm', 'VM.Console'];
794
795 if ($param->{width}) {
796 push @$cmd, '-width', $param->{width};
797 }
798
799 if ($param->{height}) {
800 push @$cmd, '-height', $param->{height};
801 }
802
803 if ($param->{websocket}) {
804 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
805 push @$cmd, '-notls', '-listen', 'localhost';
806 }
807
808 push @$cmd, '-c', @$remcmd, @$shcmd;
809
810 run_command($cmd, keeplocale => 1);
811
812 return;
813 };
814
815 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
816
817 PVE::Tools::wait_for_vnc_port($port);
818
819 return {
820 user => $authuser,
821 ticket => $ticket,
822 port => $port,
823 upid => $upid,
824 cert => $sslcert,
825 };
826 }});
827
828 __PACKAGE__->register_method ({
829 name => 'termproxy',
830 path => '{vmid}/termproxy',
831 method => 'POST',
832 protected => 1,
833 permissions => {
834 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
835 },
836 description => "Creates a TCP proxy connection.",
837 parameters => {
838 additionalProperties => 0,
839 properties => {
840 node => get_standard_option('pve-node'),
841 vmid => get_standard_option('pve-vmid'),
842 },
843 },
844 returns => {
845 additionalProperties => 0,
846 properties => {
847 user => { type => 'string' },
848 ticket => { type => 'string' },
849 port => { type => 'integer' },
850 upid => { type => 'string' },
851 },
852 },
853 code => sub {
854 my ($param) = @_;
855
856 my $rpcenv = PVE::RPCEnvironment::get();
857
858 my $authuser = $rpcenv->get_user();
859
860 my $vmid = $param->{vmid};
861 my $node = $param->{node};
862
863 my $authpath = "/vms/$vmid";
864
865 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
866
867 my ($remip, $family);
868
869 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
870 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
871 } else {
872 $family = PVE::Tools::get_host_address_family($node);
873 }
874
875 my $port = PVE::Tools::next_vnc_port($family);
876
877 my $remcmd = $remip ?
878 ['/usr/bin/ssh', '-e', 'none', '-t', $remip, '--'] : [];
879
880 my $conf = PVE::LXC::Config->load_config($vmid, $node);
881 my $concmd = PVE::LXC::get_console_command($vmid, $conf, 1);
882
883 my $shcmd = [ '/usr/bin/dtach', '-A',
884 "/var/run/dtach/vzctlconsole$vmid",
885 '-r', 'winch', '-z', @$concmd];
886
887 my $realcmd = sub {
888 my $upid = shift;
889
890 syslog ('info', "starting lxc termproxy $upid\n");
891
892 my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
893 '--perm', 'VM.Console', '--'];
894 push @$cmd, @$remcmd, @$shcmd;
895
896 PVE::Tools::run_command($cmd);
897 };
898
899 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
900
901 PVE::Tools::wait_for_vnc_port($port);
902
903 return {
904 user => $authuser,
905 ticket => $ticket,
906 port => $port,
907 upid => $upid,
908 };
909 }});
910
911 __PACKAGE__->register_method({
912 name => 'vncwebsocket',
913 path => '{vmid}/vncwebsocket',
914 method => 'GET',
915 permissions => {
916 description => "You also need to pass a valid ticket (vncticket).",
917 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
918 },
919 description => "Opens a weksocket for VNC traffic.",
920 parameters => {
921 additionalProperties => 0,
922 properties => {
923 node => get_standard_option('pve-node'),
924 vmid => get_standard_option('pve-vmid'),
925 vncticket => {
926 description => "Ticket from previous call to vncproxy.",
927 type => 'string',
928 maxLength => 512,
929 },
930 port => {
931 description => "Port number returned by previous vncproxy call.",
932 type => 'integer',
933 minimum => 5900,
934 maximum => 5999,
935 },
936 },
937 },
938 returns => {
939 type => "object",
940 properties => {
941 port => { type => 'string' },
942 },
943 },
944 code => sub {
945 my ($param) = @_;
946
947 my $rpcenv = PVE::RPCEnvironment::get();
948
949 my $authuser = $rpcenv->get_user();
950
951 my $authpath = "/vms/$param->{vmid}";
952
953 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
954
955 my $port = $param->{port};
956
957 return { port => $port };
958 }});
959
960 __PACKAGE__->register_method ({
961 name => 'spiceproxy',
962 path => '{vmid}/spiceproxy',
963 method => 'POST',
964 protected => 1,
965 proxyto => 'node',
966 permissions => {
967 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
968 },
969 description => "Returns a SPICE configuration to connect to the CT.",
970 parameters => {
971 additionalProperties => 0,
972 properties => {
973 node => get_standard_option('pve-node'),
974 vmid => get_standard_option('pve-vmid'),
975 proxy => get_standard_option('spice-proxy', { optional => 1 }),
976 },
977 },
978 returns => get_standard_option('remote-viewer-config'),
979 code => sub {
980 my ($param) = @_;
981
982 my $vmid = $param->{vmid};
983 my $node = $param->{node};
984 my $proxy = $param->{proxy};
985
986 my $authpath = "/vms/$vmid";
987 my $permissions = 'VM.Console';
988
989 my $conf = PVE::LXC::Config->load_config($vmid);
990
991 die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
992
993 my $concmd = PVE::LXC::get_console_command($vmid, $conf);
994
995 my $shcmd = ['/usr/bin/dtach', '-A',
996 "/var/run/dtach/vzctlconsole$vmid",
997 '-r', 'winch', '-z', @$concmd];
998
999 my $title = "CT $vmid";
1000
1001 return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
1002 }});
1003
1004
1005 __PACKAGE__->register_method({
1006 name => 'migrate_vm',
1007 path => '{vmid}/migrate',
1008 method => 'POST',
1009 protected => 1,
1010 proxyto => 'node',
1011 description => "Migrate the container to another node. Creates a new migration task.",
1012 permissions => {
1013 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
1014 },
1015 parameters => {
1016 additionalProperties => 0,
1017 properties => {
1018 node => get_standard_option('pve-node'),
1019 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1020 target => get_standard_option('pve-node', {
1021 description => "Target node.",
1022 completion => \&PVE::Cluster::complete_migration_target,
1023 }),
1024 online => {
1025 type => 'boolean',
1026 description => "Use online/live migration.",
1027 optional => 1,
1028 },
1029 restart => {
1030 type => 'boolean',
1031 description => "Use restart migration",
1032 optional => 1,
1033 },
1034 timeout => {
1035 type => 'integer',
1036 description => "Timeout in seconds for shutdown for restart migration",
1037 optional => 1,
1038 default => 180,
1039 },
1040 force => {
1041 type => 'boolean',
1042 description => "Force migration despite local bind / device" .
1043 " mounts. NOTE: deprecated, use 'shared' property of mount point instead.",
1044 optional => 1,
1045 },
1046 },
1047 },
1048 returns => {
1049 type => 'string',
1050 description => "the task ID.",
1051 },
1052 code => sub {
1053 my ($param) = @_;
1054
1055 my $rpcenv = PVE::RPCEnvironment::get();
1056
1057 my $authuser = $rpcenv->get_user();
1058
1059 my $target = extract_param($param, 'target');
1060
1061 my $localnode = PVE::INotify::nodename();
1062 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
1063
1064 PVE::Cluster::check_cfs_quorum();
1065
1066 PVE::Cluster::check_node_exists($target);
1067
1068 my $targetip = PVE::Cluster::remote_node_ip($target);
1069
1070 my $vmid = extract_param($param, 'vmid');
1071
1072 # test if VM exists
1073 PVE::LXC::Config->load_config($vmid);
1074
1075 # try to detect errors early
1076 if (PVE::LXC::check_running($vmid)) {
1077 die "can't migrate running container without --online or --restart\n"
1078 if !$param->{online} && !$param->{restart};
1079 }
1080
1081 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
1082
1083 my $hacmd = sub {
1084 my $upid = shift;
1085
1086 my $service = "ct:$vmid";
1087
1088 my $cmd = ['ha-manager', 'migrate', $service, $target];
1089
1090 print "Requesting HA migration for CT $vmid to node $target\n";
1091
1092 PVE::Tools::run_command($cmd);
1093
1094 return;
1095 };
1096
1097 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
1098
1099 } else {
1100
1101 my $realcmd = sub {
1102 PVE::LXC::Migrate->migrate($target, $targetip, $vmid, $param);
1103 };
1104
1105 my $worker = sub {
1106 return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
1107 };
1108
1109 return $rpcenv->fork_worker('vzmigrate', $vmid, $authuser, $worker);
1110 }
1111 }});
1112
1113 __PACKAGE__->register_method({
1114 name => 'vm_feature',
1115 path => '{vmid}/feature',
1116 method => 'GET',
1117 proxyto => 'node',
1118 protected => 1,
1119 description => "Check if feature for virtual machine is available.",
1120 permissions => {
1121 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1122 },
1123 parameters => {
1124 additionalProperties => 0,
1125 properties => {
1126 node => get_standard_option('pve-node'),
1127 vmid => get_standard_option('pve-vmid'),
1128 feature => {
1129 description => "Feature to check.",
1130 type => 'string',
1131 enum => [ 'snapshot', 'clone', 'copy' ],
1132 },
1133 snapname => get_standard_option('pve-lxc-snapshot-name', {
1134 optional => 1,
1135 }),
1136 },
1137 },
1138 returns => {
1139 type => "object",
1140 properties => {
1141 hasFeature => { type => 'boolean' },
1142 #nodes => {
1143 #type => 'array',
1144 #items => { type => 'string' },
1145 #}
1146 },
1147 },
1148 code => sub {
1149 my ($param) = @_;
1150
1151 my $node = extract_param($param, 'node');
1152
1153 my $vmid = extract_param($param, 'vmid');
1154
1155 my $snapname = extract_param($param, 'snapname');
1156
1157 my $feature = extract_param($param, 'feature');
1158
1159 my $conf = PVE::LXC::Config->load_config($vmid);
1160
1161 if($snapname){
1162 my $snap = $conf->{snapshots}->{$snapname};
1163 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1164 $conf = $snap;
1165 }
1166 my $storage_cfg = PVE::Storage::config();
1167 #Maybe include later
1168 #my $nodelist = PVE::LXC::shared_nodes($conf, $storage_cfg);
1169 my $hasFeature = PVE::LXC::Config->has_feature($feature, $conf, $storage_cfg, $snapname);
1170
1171 return {
1172 hasFeature => $hasFeature,
1173 #nodes => [ keys %$nodelist ],
1174 };
1175 }});
1176
1177 __PACKAGE__->register_method({
1178 name => 'template',
1179 path => '{vmid}/template',
1180 method => 'POST',
1181 protected => 1,
1182 proxyto => 'node',
1183 description => "Create a Template.",
1184 permissions => {
1185 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
1186 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1187 },
1188 parameters => {
1189 additionalProperties => 0,
1190 properties => {
1191 node => get_standard_option('pve-node'),
1192 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
1193 },
1194 },
1195 returns => { type => 'null'},
1196 code => sub {
1197 my ($param) = @_;
1198
1199 my $rpcenv = PVE::RPCEnvironment::get();
1200
1201 my $authuser = $rpcenv->get_user();
1202
1203 my $node = extract_param($param, 'node');
1204
1205 my $vmid = extract_param($param, 'vmid');
1206
1207 my $updatefn = sub {
1208
1209 my $conf = PVE::LXC::Config->load_config($vmid);
1210 PVE::LXC::Config->check_lock($conf);
1211
1212 die "unable to create template, because CT contains snapshots\n"
1213 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
1214
1215 die "you can't convert a template to a template\n"
1216 if PVE::LXC::Config->is_template($conf);
1217
1218 die "you can't convert a CT to template if the CT is running\n"
1219 if PVE::LXC::check_running($vmid);
1220
1221 my $scfg = PVE::Storage::config();
1222 PVE::LXC::Config->foreach_mountpoint($conf, sub {
1223 my ($ms, $mp) = @_;
1224
1225 my ($sid) =PVE::Storage::parse_volume_id($mp->{volume}, 0);
1226 die "Directory storage '$sid' does not support container templates!\n"
1227 if $scfg->{ids}->{$sid}->{path};
1228 });
1229
1230 my $realcmd = sub {
1231 PVE::LXC::template_create($vmid, $conf);
1232
1233 $conf->{template} = 1;
1234
1235 PVE::LXC::Config->write_config($vmid, $conf);
1236 # and remove lxc config
1237 PVE::LXC::update_lxc_config($vmid, $conf);
1238 };
1239
1240 return $rpcenv->fork_worker('vztemplate', $vmid, $authuser, $realcmd);
1241 };
1242
1243 PVE::LXC::Config->lock_config($vmid, $updatefn);
1244
1245 return undef;
1246 }});
1247
1248 __PACKAGE__->register_method({
1249 name => 'clone_vm',
1250 path => '{vmid}/clone',
1251 method => 'POST',
1252 protected => 1,
1253 proxyto => 'node',
1254 description => "Create a container clone/copy",
1255 permissions => {
1256 description => "You need 'VM.Clone' permissions on /vms/{vmid}, " .
1257 "and 'VM.Allocate' permissions " .
1258 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
1259 "'Datastore.AllocateSpace' on any used storage.",
1260 check =>
1261 [ 'and',
1262 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
1263 [ 'or',
1264 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
1265 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
1266 ],
1267 ]
1268 },
1269 parameters => {
1270 additionalProperties => 0,
1271 properties => {
1272 node => get_standard_option('pve-node'),
1273 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1274 newid => get_standard_option('pve-vmid', {
1275 completion => \&PVE::Cluster::complete_next_vmid,
1276 description => 'VMID for the clone.' }),
1277 hostname => {
1278 optional => 1,
1279 type => 'string', format => 'dns-name',
1280 description => "Set a hostname for the new CT.",
1281 },
1282 description => {
1283 optional => 1,
1284 type => 'string',
1285 description => "Description for the new CT.",
1286 },
1287 pool => {
1288 optional => 1,
1289 type => 'string', format => 'pve-poolid',
1290 description => "Add the new CT to the specified pool.",
1291 },
1292 snapname => get_standard_option('pve-lxc-snapshot-name', {
1293 optional => 1,
1294 }),
1295 storage => get_standard_option('pve-storage-id', {
1296 description => "Target storage for full clone.",
1297 optional => 1,
1298 }),
1299 full => {
1300 optional => 1,
1301 type => 'boolean',
1302 description => "Create a full copy of all disks. This is always done when " .
1303 "you clone a normal CT. For CT templates, we try to create a linked clone by default.",
1304 },
1305 target => get_standard_option('pve-node', {
1306 description => "Target node. Only allowed if the original VM is on shared storage.",
1307 optional => 1,
1308 }),
1309 },
1310 },
1311 returns => {
1312 type => 'string',
1313 },
1314 code => sub {
1315 my ($param) = @_;
1316
1317 my $rpcenv = PVE::RPCEnvironment::get();
1318
1319 my $authuser = $rpcenv->get_user();
1320
1321 my $node = extract_param($param, 'node');
1322
1323 my $vmid = extract_param($param, 'vmid');
1324
1325 my $newid = extract_param($param, 'newid');
1326
1327 my $pool = extract_param($param, 'pool');
1328
1329 if (defined($pool)) {
1330 $rpcenv->check_pool_exist($pool);
1331 }
1332
1333 my $snapname = extract_param($param, 'snapname');
1334
1335 my $storage = extract_param($param, 'storage');
1336
1337 my $target = extract_param($param, 'target');
1338
1339 my $localnode = PVE::INotify::nodename();
1340
1341 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
1342
1343 PVE::Cluster::check_node_exists($target) if $target;
1344
1345 my $storecfg = PVE::Storage::config();
1346
1347 if ($storage) {
1348 # check if storage is enabled on local node
1349 PVE::Storage::storage_check_enabled($storecfg, $storage);
1350 if ($target) {
1351 # check if storage is available on target node
1352 PVE::Storage::storage_check_node($storecfg, $storage, $target);
1353 # clone only works if target storage is shared
1354 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
1355 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
1356 }
1357 }
1358
1359 PVE::Cluster::check_cfs_quorum();
1360
1361 my $conffile;
1362 my $newconf = {};
1363 my $mountpoints = {};
1364 my $fullclone = {};
1365 my $vollist = [];
1366 my $running;
1367
1368 PVE::LXC::Config->lock_config($vmid, sub {
1369 my $src_conf = PVE::LXC::Config->set_lock($vmid, 'disk');
1370
1371 $running = PVE::LXC::check_running($vmid) || 0;
1372
1373 my $full = extract_param($param, 'full');
1374 if (!defined($full)) {
1375 $full = !PVE::LXC::Config->is_template($src_conf);
1376 }
1377 die "parameter 'storage' not allowed for linked clones\n" if defined($storage) && !$full;
1378
1379 eval {
1380 die "snapshot '$snapname' does not exist\n"
1381 if $snapname && !defined($src_conf->{snapshots}->{$snapname});
1382
1383
1384 my $src_conf = $snapname ? $src_conf->{snapshots}->{$snapname} : $src_conf;
1385
1386 $conffile = PVE::LXC::Config->config_file($newid);
1387 die "unable to create CT $newid: config file already exists\n"
1388 if -f $conffile;
1389
1390 my $sharedvm = 1;
1391 foreach my $opt (keys %$src_conf) {
1392 next if $opt =~ m/^unused\d+$/;
1393
1394 my $value = $src_conf->{$opt};
1395
1396 if (($opt eq 'rootfs') || ($opt =~ m/^mp\d+$/)) {
1397 my $mp = $opt eq 'rootfs' ?
1398 PVE::LXC::Config->parse_ct_rootfs($value) :
1399 PVE::LXC::Config->parse_ct_mountpoint($value);
1400
1401 if ($mp->{type} eq 'volume') {
1402 my $volid = $mp->{volume};
1403
1404 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
1405 $sid = $storage if defined($storage);
1406 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
1407 if (!$scfg->{shared}) {
1408 $sharedvm = 0;
1409 warn "found non-shared volume: $volid\n" if $target;
1410 }
1411
1412 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
1413
1414 if ($full) {
1415 die "Cannot do full clones on a running container without snapshots\n"
1416 if $running && !defined($snapname);
1417 $fullclone->{$opt} = 1;
1418 } else {
1419 # not full means clone instead of copy
1420 die "Linked clone feature for '$volid' is not available\n"
1421 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $volid, $snapname, $running);
1422 }
1423
1424 $mountpoints->{$opt} = $mp;
1425 push @$vollist, $volid;
1426
1427 } else {
1428 # TODO: allow bind mounts?
1429 die "unable to clone mountpint '$opt' (type $mp->{type})\n";
1430 }
1431 } elsif ($opt =~ m/^net(\d+)$/) {
1432 # always change MAC! address
1433 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
1434 my $net = PVE::LXC::Config->parse_lxc_network($value);
1435 $net->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
1436 $newconf->{$opt} = PVE::LXC::Config->print_lxc_network($net);
1437 } else {
1438 # copy everything else
1439 $newconf->{$opt} = $value;
1440 }
1441 }
1442 die "can't clone CT to node '$target' (CT uses local storage)\n"
1443 if $target && !$sharedvm;
1444
1445 # Replace the 'disk' lock with a 'create' lock.
1446 $newconf->{lock} = 'create';
1447
1448 delete $newconf->{template};
1449 if ($param->{hostname}) {
1450 $newconf->{hostname} = $param->{hostname};
1451 }
1452
1453 if ($param->{description}) {
1454 $newconf->{description} = $param->{description};
1455 }
1456
1457 # create empty/temp config - this fails if CT already exists on other node
1458 PVE::LXC::Config->write_config($newid, $newconf);
1459 };
1460 if (my $err = $@) {
1461 eval { PVE::LXC::Config->remove_lock($vmid, 'disk') };
1462 warn $@ if $@;
1463 die $err;
1464 }
1465 });
1466
1467 my $update_conf = sub {
1468 my ($key, $value) = @_;
1469 return PVE::LXC::Config->lock_config($newid, sub {
1470 my $conf = PVE::LXC::Config->load_config($newid);
1471 die "Lost 'create' config lock, aborting.\n"
1472 if !PVE::LXC::Config->has_lock($conf, 'create');
1473 $conf->{$key} = $value;
1474 PVE::LXC::Config->write_config($newid, $conf);
1475 });
1476 };
1477
1478 my $realcmd = sub {
1479 my ($upid) = @_;
1480
1481 my $newvollist = [];
1482
1483 my $verify_running = PVE::LXC::check_running($vmid) || 0;
1484 die "unexpected state change\n" if $verify_running != $running;
1485
1486 eval {
1487 local $SIG{INT} =
1488 local $SIG{TERM} =
1489 local $SIG{QUIT} =
1490 local $SIG{HUP} = sub { die "interrupted by signal\n"; };
1491
1492 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
1493
1494 foreach my $opt (keys %$mountpoints) {
1495 my $mp = $mountpoints->{$opt};
1496 my $volid = $mp->{volume};
1497
1498 my $newvolid;
1499 if ($fullclone->{$opt}) {
1500 print "create full clone of mountpoint $opt ($volid)\n";
1501 my $target_storage = $storage // PVE::Storage::parse_volume_id($volid);
1502 $newvolid = PVE::LXC::copy_volume($mp, $newid, $target_storage, $storecfg, $newconf, $snapname);
1503 } else {
1504 print "create linked clone of mount point $opt ($volid)\n";
1505 $newvolid = PVE::Storage::vdisk_clone($storecfg, $volid, $newid, $snapname);
1506 }
1507
1508 push @$newvollist, $newvolid;
1509 $mp->{volume} = $newvolid;
1510
1511 $update_conf->($opt, PVE::LXC::Config->print_ct_mountpoint($mp, $opt eq 'rootfs'));
1512 }
1513
1514 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
1515 PVE::LXC::Config->remove_lock($newid, 'create');
1516
1517 if ($target) {
1518 # always deactivate volumes - avoid lvm LVs to be active on several nodes
1519 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
1520 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
1521
1522 my $newconffile = PVE::LXC::Config->config_file($newid, $target);
1523 die "Failed to move config to node '$target' - rename failed: $!\n"
1524 if !rename($conffile, $newconffile);
1525 }
1526 };
1527 my $err = $@;
1528
1529 # Unlock the source config in any case:
1530 eval { PVE::LXC::Config->remove_lock($vmid, 'disk') };
1531 warn $@ if $@;
1532
1533 if ($err) {
1534 # Now cleanup the config & disks:
1535 unlink $conffile;
1536
1537 sleep 1; # some storages like rbd need to wait before release volume - really?
1538
1539 foreach my $volid (@$newvollist) {
1540 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
1541 warn $@ if $@;
1542 }
1543 die "clone failed: $err";
1544 }
1545
1546 return;
1547 };
1548
1549 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
1550 return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);
1551 }});
1552
1553
1554 __PACKAGE__->register_method({
1555 name => 'resize_vm',
1556 path => '{vmid}/resize',
1557 method => 'PUT',
1558 protected => 1,
1559 proxyto => 'node',
1560 description => "Resize a container mount point.",
1561 permissions => {
1562 check => ['perm', '/vms/{vmid}', ['VM.Config.Disk'], any => 1],
1563 },
1564 parameters => {
1565 additionalProperties => 0,
1566 properties => {
1567 node => get_standard_option('pve-node'),
1568 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1569 disk => {
1570 type => 'string',
1571 description => "The disk you want to resize.",
1572 enum => [PVE::LXC::Config->mountpoint_names()],
1573 },
1574 size => {
1575 type => 'string',
1576 pattern => '\+?\d+(\.\d+)?[KMGT]?',
1577 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
1578 },
1579 digest => {
1580 type => 'string',
1581 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1582 maxLength => 40,
1583 optional => 1,
1584 }
1585 },
1586 },
1587 returns => {
1588 type => 'string',
1589 description => "the task ID.",
1590 },
1591 code => sub {
1592 my ($param) = @_;
1593
1594 my $rpcenv = PVE::RPCEnvironment::get();
1595
1596 my $authuser = $rpcenv->get_user();
1597
1598 my $node = extract_param($param, 'node');
1599
1600 my $vmid = extract_param($param, 'vmid');
1601
1602 my $digest = extract_param($param, 'digest');
1603
1604 my $sizestr = extract_param($param, 'size');
1605 my $ext = ($sizestr =~ s/^\+//);
1606 my $newsize = PVE::JSONSchema::parse_size($sizestr);
1607 die "invalid size string" if !defined($newsize);
1608
1609 die "no options specified\n" if !scalar(keys %$param);
1610
1611 PVE::LXC::check_ct_modify_config_perm($rpcenv, $authuser, $vmid, undef, $param, []);
1612
1613 my $storage_cfg = cfs_read_file("storage.cfg");
1614
1615 my $code = sub {
1616
1617 my $conf = PVE::LXC::Config->load_config($vmid);
1618 PVE::LXC::Config->check_lock($conf);
1619
1620 PVE::Tools::assert_if_modified($digest, $conf->{digest});
1621
1622 my $running = PVE::LXC::check_running($vmid);
1623
1624 my $disk = $param->{disk};
1625 my $mp = $disk eq 'rootfs' ? PVE::LXC::Config->parse_ct_rootfs($conf->{$disk}) :
1626 PVE::LXC::Config->parse_ct_mountpoint($conf->{$disk});
1627
1628 my $volid = $mp->{volume};
1629
1630 my (undef, undef, $owner, undef, undef, undef, $format) =
1631 PVE::Storage::parse_volname($storage_cfg, $volid);
1632
1633 die "can't resize mount point owned by another container ($owner)"
1634 if $vmid != $owner;
1635
1636 die "can't resize volume: $disk if snapshot exists\n"
1637 if %{$conf->{snapshots}} && $format eq 'qcow2';
1638
1639 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
1640
1641 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
1642
1643 PVE::Storage::activate_volumes($storage_cfg, [$volid]);
1644
1645 my $size = PVE::Storage::volume_size_info($storage_cfg, $volid, 5);
1646 $newsize += $size if $ext;
1647 $newsize = int($newsize);
1648
1649 die "unable to shrink disk size\n" if $newsize < $size;
1650
1651 return if $size == $newsize;
1652
1653 PVE::Cluster::log_msg('info', $authuser, "update CT $vmid: resize --disk $disk --size $sizestr");
1654 my $realcmd = sub {
1655 # Note: PVE::Storage::volume_resize doesn't do anything if $running=1, so
1656 # we pass 0 here (parameter only makes sense for qemu)
1657 PVE::Storage::volume_resize($storage_cfg, $volid, $newsize, 0);
1658
1659 $mp->{size} = $newsize;
1660 $conf->{$disk} = PVE::LXC::Config->print_ct_mountpoint($mp, $disk eq 'rootfs');
1661
1662 PVE::LXC::Config->write_config($vmid, $conf);
1663
1664 if ($format eq 'raw') {
1665 my $path = PVE::Storage::path($storage_cfg, $volid, undef);
1666 if ($running) {
1667
1668 $mp->{mp} = '/';
1669 my $use_loopdev = (PVE::LXC::mountpoint_mount_path($mp, $storage_cfg))[1];
1670 $path = PVE::LXC::query_loopdev($path) if $use_loopdev;
1671 die "internal error: CT running but mount point not attached to a loop device"
1672 if !$path;
1673 PVE::Tools::run_command(['losetup', '--set-capacity', $path]) if $use_loopdev;
1674
1675 # In order for resize2fs to know that we need online-resizing a mountpoint needs
1676 # to be visible to it in its namespace.
1677 # To not interfere with the rest of the system we unshare the current mount namespace,
1678 # mount over /tmp and then run resize2fs.
1679
1680 # interestingly we don't need to e2fsck on mounted systems...
1681 my $quoted = PVE::Tools::shellquote($path);
1682 my $cmd = "mount --make-rprivate / && mount $quoted /tmp && resize2fs $quoted";
1683 eval {
1684 PVE::Tools::run_command(['unshare', '-m', '--', 'sh', '-c', $cmd]);
1685 };
1686 warn "Failed to update the container's filesystem: $@\n" if $@;
1687 } else {
1688 eval {
1689 PVE::Tools::run_command(['e2fsck', '-f', '-y', $path]);
1690 PVE::Tools::run_command(['resize2fs', $path]);
1691 };
1692 warn "Failed to update the container's filesystem: $@\n" if $@;
1693 }
1694 }
1695 };
1696
1697 return $rpcenv->fork_worker('resize', $vmid, $authuser, $realcmd);
1698 };
1699
1700 return PVE::LXC::Config->lock_config($vmid, $code);;
1701 }});
1702
1703 __PACKAGE__->register_method({
1704 name => 'move_volume',
1705 path => '{vmid}/move_volume',
1706 method => 'POST',
1707 protected => 1,
1708 proxyto => 'node',
1709 description => "Move a rootfs-/mp-volume to a different storage",
1710 permissions => {
1711 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
1712 "and 'Datastore.AllocateSpace' permissions on the storage.",
1713 check =>
1714 [ 'and',
1715 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
1716 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
1717 ],
1718 },
1719 parameters => {
1720 additionalProperties => 0,
1721 properties => {
1722 node => get_standard_option('pve-node'),
1723 vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid }),
1724 volume => {
1725 type => 'string',
1726 enum => [ PVE::LXC::Config->mountpoint_names() ],
1727 description => "Volume which will be moved.",
1728 },
1729 storage => get_standard_option('pve-storage-id', {
1730 description => "Target Storage.",
1731 completion => \&PVE::Storage::complete_storage_enabled,
1732 }),
1733 delete => {
1734 type => 'boolean',
1735 description => "Delete the original volume after successful copy. By default the original is kept as an unused volume entry.",
1736 optional => 1,
1737 default => 0,
1738 },
1739 digest => {
1740 type => 'string',
1741 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1742 maxLength => 40,
1743 optional => 1,
1744 }
1745 },
1746 },
1747 returns => {
1748 type => 'string',
1749 },
1750 code => sub {
1751 my ($param) = @_;
1752
1753 my $rpcenv = PVE::RPCEnvironment::get();
1754
1755 my $authuser = $rpcenv->get_user();
1756
1757 my $vmid = extract_param($param, 'vmid');
1758
1759 my $storage = extract_param($param, 'storage');
1760
1761 my $mpkey = extract_param($param, 'volume');
1762
1763 my $lockname = 'disk';
1764
1765 my ($mpdata, $old_volid);
1766
1767 PVE::LXC::Config->lock_config($vmid, sub {
1768 my $conf = PVE::LXC::Config->load_config($vmid);
1769 PVE::LXC::Config->check_lock($conf);
1770
1771 die "cannot move volumes of a running container\n" if PVE::LXC::check_running($vmid);
1772
1773 if ($mpkey eq 'rootfs') {
1774 $mpdata = PVE::LXC::Config->parse_ct_rootfs($conf->{$mpkey});
1775 } elsif ($mpkey =~ m/mp\d+/) {
1776 $mpdata = PVE::LXC::Config->parse_ct_mountpoint($conf->{$mpkey});
1777 } else {
1778 die "Can't parse $mpkey\n";
1779 }
1780 $old_volid = $mpdata->{volume};
1781
1782 die "you can't move a volume with snapshots and delete the source\n"
1783 if $param->{delete} && PVE::LXC::Config->is_volume_in_use_by_snapshots($conf, $old_volid);
1784
1785 PVE::Tools::assert_if_modified($param->{digest}, $conf->{digest});
1786
1787 PVE::LXC::Config->set_lock($vmid, $lockname);
1788 });
1789
1790 my $realcmd = sub {
1791 eval {
1792 PVE::Cluster::log_msg('info', $authuser, "move volume CT $vmid: move --volume $mpkey --storage $storage");
1793
1794 my $conf = PVE::LXC::Config->load_config($vmid);
1795 my $storage_cfg = PVE::Storage::config();
1796
1797 my $new_volid;
1798
1799 eval {
1800 PVE::Storage::activate_volumes($storage_cfg, [ $old_volid ]);
1801 $new_volid = PVE::LXC::copy_volume($mpdata, $vmid, $storage, $storage_cfg, $conf);
1802 $mpdata->{volume} = $new_volid;
1803
1804 PVE::LXC::Config->lock_config($vmid, sub {
1805 my $digest = $conf->{digest};
1806 $conf = PVE::LXC::Config->load_config($vmid);
1807 PVE::Tools::assert_if_modified($digest, $conf->{digest});
1808
1809 $conf->{$mpkey} = PVE::LXC::Config->print_ct_mountpoint($mpdata, $mpkey eq 'rootfs');
1810
1811 PVE::LXC::Config->add_unused_volume($conf, $old_volid) if !$param->{delete};
1812
1813 PVE::LXC::Config->write_config($vmid, $conf);
1814 });
1815
1816 eval {
1817 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
1818 PVE::Storage::deactivate_volumes($storage_cfg, [ $new_volid ])
1819 };
1820 warn $@ if $@;
1821 };
1822 if (my $err = $@) {
1823 eval {
1824 PVE::Storage::vdisk_free($storage_cfg, $new_volid)
1825 if defined($new_volid);
1826 };
1827 warn $@ if $@;
1828 die $err;
1829 }
1830
1831 if ($param->{delete}) {
1832 eval {
1833 PVE::Storage::deactivate_volumes($storage_cfg, [ $old_volid ]);
1834 PVE::Storage::vdisk_free($storage_cfg, $old_volid);
1835 };
1836 warn $@ if $@;
1837 }
1838 };
1839 my $err = $@;
1840 eval { PVE::LXC::Config->remove_lock($vmid, $lockname) };
1841 warn $@ if $@;
1842 die $err if $err;
1843 };
1844 my $task = eval {
1845 $rpcenv->fork_worker('move_volume', $vmid, $authuser, $realcmd);
1846 };
1847 if (my $err = $@) {
1848 eval { PVE::LXC::Config->remove_lock($vmid, $lockname) };
1849 warn $@ if $@;
1850 die $err;
1851 }
1852 return $task;
1853 }});
1854
1855 1;
PVE Container Toolkit