]>
Commit | Line | Data |
---|---|---|
aff192e6 DM |
1 | package PVE::API2::Nodes::Nodeinfo; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
b92400b6 | 5 | use POSIX qw(LONG_MAX); |
aff192e6 DM |
6 | use Filesys::Df; |
7 | use Time::Local qw(timegm_nocheck); | |
40993593 | 8 | use HTTP::Status qw(:constants); |
aff192e6 DM |
9 | use PVE::pvecfg; |
10 | use PVE::Tools; | |
b289829f | 11 | use PVE::API2Tools; |
aff192e6 DM |
12 | use PVE::ProcFSTools; |
13 | use PVE::SafeSyslog; | |
c9164975 | 14 | use PVE::Cluster qw(cfs_read_file); |
aff192e6 | 15 | use PVE::INotify; |
05b252dc | 16 | use PVE::Exception qw(raise raise_perm_exc raise_param_exc); |
aff192e6 DM |
17 | use PVE::RESTHandler; |
18 | use PVE::RPCEnvironment; | |
19 | use PVE::JSONSchema qw(get_standard_option); | |
20 | use PVE::AccessControl; | |
c9164975 | 21 | use PVE::Storage; |
4a07fced | 22 | use PVE::Firewall; |
989b7743 | 23 | use PVE::LXC; |
c9164975 | 24 | use PVE::APLInfo; |
34ada77a | 25 | use PVE::Report; |
10a9a736 | 26 | use PVE::HA::Env::PVE2; |
7e5cb2f0 | 27 | use PVE::HA::Config; |
7141ae25 | 28 | use PVE::QemuConfig; |
b92400b6 | 29 | use PVE::QemuServer; |
21ace8d3 | 30 | use PVE::API2::Subscription; |
aff192e6 DM |
31 | use PVE::API2::Services; |
32 | use PVE::API2::Network; | |
33 | use PVE::API2::Tasks; | |
ab322f5f | 34 | use PVE::API2::Scan; |
aff192e6 DM |
35 | use PVE::API2::Storage::Status; |
36 | use PVE::API2::Qemu; | |
989b7743 | 37 | use PVE::API2::LXC; |
b38516eb | 38 | use PVE::API2::LXC::Status; |
bf58f8dd | 39 | use PVE::API2::VZDump; |
21299915 | 40 | use PVE::API2::APT; |
38db610a | 41 | use PVE::API2::Ceph; |
4a07fced | 42 | use PVE::API2::Firewall::Host; |
892821fd | 43 | use PVE::API2::Replication; |
036475f8 | 44 | use PVE::API2::Certificates; |
c4f78bb7 | 45 | use PVE::API2::NodeConfig; |
523d5f48 | 46 | use PVE::API2::Hardware; |
3b81e495 FG |
47 | use Digest::MD5; |
48 | use Digest::SHA; | |
e781363f | 49 | use PVE::API2::Disks; |
aff192e6 | 50 | use JSON; |
b3d84542 | 51 | use Socket; |
aff192e6 DM |
52 | |
53 | use base qw(PVE::RESTHandler); | |
54 | ||
55 | __PACKAGE__->register_method ({ | |
f9d26e09 | 56 | subclass => "PVE::API2::Qemu", |
aff192e6 DM |
57 | path => 'qemu', |
58 | }); | |
59 | ||
989b7743 | 60 | __PACKAGE__->register_method ({ |
f9d26e09 | 61 | subclass => "PVE::API2::LXC", |
989b7743 DM |
62 | path => 'lxc', |
63 | }); | |
64 | ||
38db610a | 65 | __PACKAGE__->register_method ({ |
f9d26e09 | 66 | subclass => "PVE::API2::Ceph", |
38db610a DM |
67 | path => 'ceph', |
68 | }); | |
69 | ||
bf58f8dd | 70 | __PACKAGE__->register_method ({ |
f9d26e09 | 71 | subclass => "PVE::API2::VZDump", |
bf58f8dd DM |
72 | path => 'vzdump', |
73 | }); | |
74 | ||
aff192e6 | 75 | __PACKAGE__->register_method ({ |
f9d26e09 | 76 | subclass => "PVE::API2::Services", |
aff192e6 DM |
77 | path => 'services', |
78 | }); | |
79 | ||
21ace8d3 | 80 | __PACKAGE__->register_method ({ |
f9d26e09 | 81 | subclass => "PVE::API2::Subscription", |
21ace8d3 DM |
82 | path => 'subscription', |
83 | }); | |
84 | ||
aff192e6 | 85 | __PACKAGE__->register_method ({ |
f9d26e09 | 86 | subclass => "PVE::API2::Network", |
aff192e6 DM |
87 | path => 'network', |
88 | }); | |
89 | ||
90 | __PACKAGE__->register_method ({ | |
f9d26e09 | 91 | subclass => "PVE::API2::Tasks", |
aff192e6 DM |
92 | path => 'tasks', |
93 | }); | |
94 | ||
95 | __PACKAGE__->register_method ({ | |
ab322f5f | 96 | subclass => "PVE::API2::Scan", |
aff192e6 DM |
97 | path => 'scan', |
98 | }); | |
99 | ||
523d5f48 TL |
100 | __PACKAGE__->register_method ({ |
101 | subclass => "PVE::API2::Hardware", | |
102 | path => 'hardware', | |
103 | }); | |
104 | ||
105 | ||
aff192e6 | 106 | __PACKAGE__->register_method ({ |
f9d26e09 | 107 | subclass => "PVE::API2::Storage::Status", |
aff192e6 DM |
108 | path => 'storage', |
109 | }); | |
110 | ||
e781363f DC |
111 | __PACKAGE__->register_method ({ |
112 | subclass => "PVE::API2::Disks", | |
113 | path => 'disks', | |
114 | }); | |
115 | ||
21299915 | 116 | __PACKAGE__->register_method ({ |
f9d26e09 | 117 | subclass => "PVE::API2::APT", |
21299915 DM |
118 | path => 'apt', |
119 | }); | |
120 | ||
4a07fced | 121 | __PACKAGE__->register_method ({ |
f9d26e09 | 122 | subclass => "PVE::API2::Firewall::Host", |
4a07fced DM |
123 | path => 'firewall', |
124 | }); | |
125 | ||
892821fd DM |
126 | __PACKAGE__->register_method ({ |
127 | subclass => "PVE::API2::Replication", | |
128 | path => 'replication', | |
129 | }); | |
130 | ||
036475f8 FG |
131 | __PACKAGE__->register_method ({ |
132 | subclass => "PVE::API2::Certificates", | |
133 | path => 'certificates', | |
134 | }); | |
135 | ||
136 | ||
c4f78bb7 FG |
137 | __PACKAGE__->register_method ({ |
138 | subclass => "PVE::API2::NodeConfig", | |
139 | path => 'config', | |
140 | }); | |
141 | ||
aff192e6 | 142 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
143 | name => 'index', |
144 | path => '', | |
aff192e6 DM |
145 | method => 'GET', |
146 | permissions => { user => 'all' }, | |
147 | description => "Node index.", | |
148 | parameters => { | |
149 | additionalProperties => 0, | |
150 | properties => { | |
151 | node => get_standard_option('pve-node'), | |
152 | }, | |
153 | }, | |
154 | returns => { | |
155 | type => 'array', | |
156 | items => { | |
157 | type => "object", | |
158 | properties => {}, | |
159 | }, | |
160 | links => [ { rel => 'child', href => "{name}" } ], | |
161 | }, | |
162 | code => sub { | |
163 | my ($param) = @_; | |
f9d26e09 | 164 | |
aff192e6 | 165 | my $result = [ |
38db610a | 166 | { name => 'ceph' }, |
e781363f | 167 | { name => 'disks' }, |
21299915 | 168 | { name => 'apt' }, |
8747a9ec | 169 | { name => 'version' }, |
aff192e6 | 170 | { name => 'syslog' }, |
952280b4 | 171 | { name => 'journal' }, |
aff192e6 | 172 | { name => 'status' }, |
b3d84542 | 173 | { name => 'wakeonlan' }, |
21ace8d3 | 174 | { name => 'subscription' }, |
34ada77a | 175 | { name => 'report' }, |
aff192e6 DM |
176 | { name => 'tasks' }, |
177 | { name => 'rrd' }, # fixme: remove? | |
178 | { name => 'rrddata' },# fixme: remove? | |
892821fd | 179 | { name => 'replication' }, |
aff192e6 | 180 | { name => 'vncshell' }, |
4b168c27 | 181 | { name => 'termproxy' }, |
2d802f8c | 182 | { name => 'spiceshell' }, |
aff192e6 DM |
183 | { name => 'time' }, |
184 | { name => 'dns' }, | |
185 | { name => 'services' }, | |
186 | { name => 'scan' }, | |
187 | { name => 'storage' }, | |
aff192e6 | 188 | { name => 'qemu' }, |
989b7743 | 189 | { name => 'lxc' }, |
bf58f8dd | 190 | { name => 'vzdump' }, |
aff192e6 | 191 | { name => 'network' }, |
c9164975 | 192 | { name => 'aplinfo' }, |
b92400b6 DM |
193 | { name => 'startall' }, |
194 | { name => 'stopall' }, | |
0455911d | 195 | { name => 'netstat' }, |
4a07fced | 196 | { name => 'firewall' }, |
036475f8 | 197 | { name => 'certificates' }, |
c4f78bb7 | 198 | { name => 'config' }, |
820d0458 | 199 | { name => 'hosts' }, |
952280b4 | 200 | ]; |
aff192e6 DM |
201 | |
202 | return $result; | |
203 | }}); | |
204 | ||
8747a9ec | 205 | __PACKAGE__->register_method ({ |
f9d26e09 | 206 | name => 'version', |
8747a9ec DM |
207 | path => 'version', |
208 | method => 'GET', | |
209 | proxyto => 'node', | |
210 | permissions => { user => 'all' }, | |
211 | description => "API version details", | |
212 | parameters => { | |
213 | additionalProperties => 0, | |
214 | properties => { | |
215 | node => get_standard_option('pve-node'), | |
216 | }, | |
217 | }, | |
218 | returns => { | |
219 | type => "object", | |
220 | properties => { | |
221 | version => { type => 'string' }, | |
222 | release => { type => 'string' }, | |
223 | repoid => { type => 'string' }, | |
224 | }, | |
225 | }, | |
226 | code => sub { | |
227 | my ($resp, $param) = @_; | |
f9d26e09 | 228 | |
8747a9ec DM |
229 | return PVE::pvecfg::version_info(); |
230 | }}); | |
231 | ||
aff192e6 | 232 | __PACKAGE__->register_method({ |
f9d26e09 TL |
233 | name => 'status', |
234 | path => 'status', | |
aff192e6 DM |
235 | method => 'GET', |
236 | permissions => { | |
7d020b42 | 237 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
238 | }, |
239 | description => "Read node status", | |
240 | proxyto => 'node', | |
241 | parameters => { | |
242 | additionalProperties => 0, | |
243 | properties => { | |
244 | node => get_standard_option('pve-node'), | |
245 | }, | |
246 | }, | |
247 | returns => { | |
248 | type => "object", | |
249 | properties => { | |
250 | ||
251 | }, | |
252 | }, | |
253 | code => sub { | |
254 | my ($param) = @_; | |
255 | ||
256 | my $res = { | |
257 | uptime => 0, | |
258 | idle => 0, | |
259 | }; | |
260 | ||
261 | my ($uptime, $idle) = PVE::ProcFSTools::read_proc_uptime(); | |
262 | $res->{uptime} = $uptime; | |
f9d26e09 | 263 | |
aff192e6 DM |
264 | my ($avg1, $avg5, $avg15) = PVE::ProcFSTools::read_loadavg(); |
265 | $res->{loadavg} = [ $avg1, $avg5, $avg15]; | |
f9d26e09 | 266 | |
aff192e6 DM |
267 | my ($sysname, $nodename, $release, $version, $machine) = POSIX::uname(); |
268 | ||
269 | $res->{kversion} = "$sysname $release $version"; | |
270 | ||
271 | $res->{cpuinfo} = PVE::ProcFSTools::read_cpuinfo(); | |
272 | ||
273 | my $stat = PVE::ProcFSTools::read_proc_stat(); | |
274 | $res->{cpu} = $stat->{cpu}; | |
275 | $res->{wait} = $stat->{wait}; | |
276 | ||
277 | my $meminfo = PVE::ProcFSTools::read_meminfo(); | |
278 | $res->{memory} = { | |
279 | free => $meminfo->{memfree}, | |
280 | total => $meminfo->{memtotal}, | |
281 | used => $meminfo->{memused}, | |
282 | }; | |
f9d26e09 | 283 | |
20539e0c DM |
284 | $res->{ksm} = { |
285 | shared => $meminfo->{memshared}, | |
286 | }; | |
287 | ||
aff192e6 DM |
288 | $res->{swap} = { |
289 | free => $meminfo->{swapfree}, | |
290 | total => $meminfo->{swaptotal}, | |
291 | used => $meminfo->{swapused}, | |
292 | }; | |
293 | ||
294 | $res->{pveversion} = PVE::pvecfg::package() . "/" . | |
8747a9ec | 295 | PVE::pvecfg::version_text(); |
aff192e6 DM |
296 | |
297 | my $dinfo = df('/', 1); # output is bytes | |
298 | ||
299 | $res->{rootfs} = { | |
300 | total => $dinfo->{blocks}, | |
301 | avail => $dinfo->{bavail}, | |
302 | used => $dinfo->{used}, | |
3d0fcc46 | 303 | free => $dinfo->{blocks} - $dinfo->{used}, |
aff192e6 DM |
304 | }; |
305 | ||
306 | return $res; | |
307 | }}); | |
308 | ||
0455911d SP |
309 | __PACKAGE__->register_method({ |
310 | name => 'netstat', | |
311 | path => 'netstat', | |
312 | method => 'GET', | |
313 | permissions => { | |
314 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
315 | }, | |
316 | description => "Read tap/vm network device interface counters", | |
317 | proxyto => 'node', | |
318 | parameters => { | |
319 | additionalProperties => 0, | |
320 | properties => { | |
321 | node => get_standard_option('pve-node'), | |
322 | }, | |
323 | }, | |
324 | returns => { | |
325 | type => "array", | |
326 | items => { | |
327 | type => "object", | |
328 | properties => {}, | |
329 | }, | |
330 | }, | |
331 | code => sub { | |
332 | my ($param) = @_; | |
333 | ||
334 | my $res = [ ]; | |
335 | ||
336 | my $netdev = PVE::ProcFSTools::read_proc_net_dev(); | |
337 | foreach my $dev (keys %$netdev) { | |
675946f2 | 338 | next if $dev !~ m/^(?:tap|veth)([1-9]\d*)i(\d+)$/; |
0455911d SP |
339 | my $vmid = $1; |
340 | my $netid = $2; | |
341 | ||
342 | push( | |
343 | @$res, | |
344 | { | |
345 | vmid => $vmid, | |
346 | dev => "net$netid", | |
347 | in => $netdev->{$dev}->{transmit}, | |
348 | out => $netdev->{$dev}->{receive}, | |
349 | } | |
350 | ); | |
351 | } | |
352 | ||
353 | return $res; | |
354 | }}); | |
355 | ||
87c3e931 SP |
356 | __PACKAGE__->register_method({ |
357 | name => 'execute', | |
358 | path => 'execute', | |
40993593 | 359 | method => 'POST', |
87c3e931 SP |
360 | permissions => { |
361 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
362 | }, | |
40993593 | 363 | description => "Execute multiple commands in order.", |
87c3e931 | 364 | proxyto => 'node', |
40993593 | 365 | protected => 1, # avoid problems with proxy code |
87c3e931 SP |
366 | parameters => { |
367 | additionalProperties => 0, | |
368 | properties => { | |
369 | node => get_standard_option('pve-node'), | |
40993593 DM |
370 | commands => { |
371 | description => "JSON encoded array of commands.", | |
372 | type => "string", | |
373 | } | |
87c3e931 SP |
374 | }, |
375 | }, | |
376 | returns => { | |
377 | type => 'array', | |
378 | properties => { | |
379 | ||
380 | }, | |
381 | }, | |
382 | code => sub { | |
383 | my ($param) = @_; | |
384 | my $res = []; | |
385 | ||
40993593 DM |
386 | my $rpcenv = PVE::RPCEnvironment::get(); |
387 | my $user = $rpcenv->get_user(); | |
388 | ||
389 | my $commands = eval { decode_json($param->{commands}); }; | |
390 | ||
87c3e931 SP |
391 | die "commands param did not contain valid JSON: $@" if $@; |
392 | die "commands is not an array" if ref($commands) ne "ARRAY"; | |
393 | ||
394 | foreach my $cmd (@$commands) { | |
87c3e931 | 395 | eval { |
40993593 | 396 | die "$cmd is not a valid command" if (ref($cmd) ne "HASH" || !$cmd->{path} || !$cmd->{method}); |
f9d26e09 | 397 | |
40993593 DM |
398 | $cmd->{args} //= {}; |
399 | ||
400 | my $path = "nodes/$param->{node}/$cmd->{path}"; | |
f9d26e09 | 401 | |
40993593 DM |
402 | my $uri_param = {}; |
403 | my ($handler, $info) = PVE::API2->find_handler($cmd->{method}, $path, $uri_param); | |
404 | if (!$handler || !$info) { | |
405 | die "no handler for '$path'\n"; | |
406 | } | |
407 | ||
408 | foreach my $p (keys %{$cmd->{args}}) { | |
409 | raise_param_exc({ $p => "duplicate parameter" }) if defined($uri_param->{$p}); | |
410 | $uri_param->{$p} = $cmd->{args}->{$p}; | |
411 | } | |
412 | ||
413 | # check access permissions | |
414 | $rpcenv->check_api2_permissions($info->{permissions}, $user, $uri_param); | |
415 | ||
416 | push @$res, { | |
417 | status => HTTP_OK, | |
a51ceeb7 | 418 | data => $handler->handle($info, $uri_param), |
40993593 | 419 | }; |
87c3e931 | 420 | }; |
40993593 DM |
421 | if (my $err = $@) { |
422 | my $resp = { status => HTTP_INTERNAL_SERVER_ERROR }; | |
423 | if (ref($err) eq "PVE::Exception") { | |
424 | $resp->{status} = $err->{code} if $err->{code}; | |
425 | $resp->{errors} = $err->{errors} if $err->{errors}; | |
426 | $resp->{message} = $err->{msg}; | |
427 | } else { | |
428 | $resp->{message} = $err; | |
429 | } | |
430 | push @$res, $resp; | |
431 | } | |
87c3e931 SP |
432 | } |
433 | ||
434 | return $res; | |
435 | }}); | |
436 | ||
437 | ||
aff192e6 | 438 | __PACKAGE__->register_method({ |
f9d26e09 TL |
439 | name => 'node_cmd', |
440 | path => 'status', | |
aff192e6 DM |
441 | method => 'POST', |
442 | permissions => { | |
7d020b42 | 443 | check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], |
aff192e6 DM |
444 | }, |
445 | protected => 1, | |
446 | description => "Reboot or shutdown a node.", | |
447 | proxyto => 'node', | |
448 | parameters => { | |
449 | additionalProperties => 0, | |
450 | properties => { | |
451 | node => get_standard_option('pve-node'), | |
452 | command => { | |
453 | description => "Specify the command.", | |
454 | type => 'string', | |
455 | enum => [qw(reboot shutdown)], | |
456 | }, | |
457 | }, | |
458 | }, | |
459 | returns => { type => "null" }, | |
460 | code => sub { | |
461 | my ($param) = @_; | |
462 | ||
463 | if ($param->{command} eq 'reboot') { | |
464 | system ("(sleep 2;/sbin/reboot)&"); | |
465 | } elsif ($param->{command} eq 'shutdown') { | |
466 | system ("(sleep 2;/sbin/poweroff)&"); | |
467 | } | |
468 | ||
469 | return undef; | |
470 | }}); | |
471 | ||
b3d84542 CE |
472 | __PACKAGE__->register_method({ |
473 | name => 'wakeonlan', | |
474 | path => 'wakeonlan', | |
475 | method => 'POST', | |
476 | permissions => { | |
477 | check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]], | |
478 | }, | |
479 | protected => 1, | |
480 | description => "Try to wake a node via 'wake on LAN' network packet.", | |
481 | parameters => { | |
482 | additionalProperties => 0, | |
483 | properties => { | |
484 | node => get_standard_option('pve-node', { | |
485 | description => 'target node for wake on LAN packet', | |
5aa7b909 CE |
486 | completion => sub { |
487 | my $members = PVE::Cluster::get_members(); | |
488 | return [ grep { !$members->{$_}->{online} } keys %$members ]; | |
489 | } | |
b3d84542 CE |
490 | }), |
491 | }, | |
492 | }, | |
0f615ea9 CE |
493 | returns => { |
494 | type => 'string', | |
495 | format => 'mac-addr', | |
ec178804 | 496 | description => 'MAC address used to assemble the WoL magic packet.', |
0f615ea9 | 497 | }, |
b3d84542 CE |
498 | code => sub { |
499 | my ($param) = @_; | |
500 | ||
82436996 TL |
501 | my $node = $param->{node}; |
502 | ||
503 | die "'$node' is local node, cannot wake my self!\n" | |
504 | if $node eq 'localhost' || $node eq PVE::INotify::nodename(); | |
505 | ||
506 | PVE::Cluster::check_node_exists($node); | |
507 | ||
508 | my $config = PVE::NodeConfig::load_config($node); | |
b3d84542 CE |
509 | my $mac_addr = $config->{wakeonlan}; |
510 | if (!defined($mac_addr)) { | |
82436996 | 511 | die "No wake on LAN MAC address defined for '$node'!\n"; |
b3d84542 CE |
512 | } |
513 | ||
514 | $mac_addr =~ s/://g; | |
515 | my $packet = chr(0xff) x 6 . pack('H*', $mac_addr) x 16; | |
516 | ||
517 | my $addr = gethostbyname('255.255.255.255'); | |
518 | my $port = getservbyname('discard', 'udp'); | |
519 | my $to = Socket::pack_sockaddr_in($port, $addr); | |
82436996 | 520 | |
b3d84542 CE |
521 | socket(my $sock, Socket::AF_INET, Socket::SOCK_DGRAM, Socket::IPPROTO_UDP) |
522 | || die "Unable to open socket: $!\n"; | |
523 | setsockopt($sock, Socket::SOL_SOCKET, Socket::SO_BROADCAST, 1) | |
524 | || die "Unable to set socket option: $!\n"; | |
525 | ||
526 | send($sock, $packet, 0, $to) | |
527 | || die "Unable to send packet: $!\n"; | |
528 | ||
529 | close($sock); | |
530 | ||
0f615ea9 | 531 | return $config->{wakeonlan}; |
b3d84542 | 532 | }}); |
aff192e6 DM |
533 | |
534 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
535 | name => 'rrd', |
536 | path => 'rrd', | |
aff192e6 DM |
537 | method => 'GET', |
538 | protected => 1, # fixme: can we avoid that? | |
539 | permissions => { | |
7d020b42 | 540 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
541 | }, |
542 | description => "Read node RRD statistics (returns PNG)", | |
543 | parameters => { | |
544 | additionalProperties => 0, | |
545 | properties => { | |
546 | node => get_standard_option('pve-node'), | |
547 | timeframe => { | |
548 | description => "Specify the time frame you are interested in.", | |
549 | type => 'string', | |
550 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
551 | }, | |
552 | ds => { | |
553 | description => "The list of datasources you want to display.", | |
554 | type => 'string', format => 'pve-configid-list', | |
555 | }, | |
556 | cf => { | |
557 | description => "The RRD consolidation function", | |
558 | type => 'string', | |
559 | enum => [ 'AVERAGE', 'MAX' ], | |
560 | optional => 1, | |
561 | }, | |
562 | }, | |
563 | }, | |
564 | returns => { | |
565 | type => "object", | |
566 | properties => { | |
567 | filename => { type => 'string' }, | |
568 | }, | |
569 | }, | |
570 | code => sub { | |
571 | my ($param) = @_; | |
572 | ||
573 | return PVE::Cluster::create_rrd_graph( | |
f9d26e09 | 574 | "pve2-node/$param->{node}", $param->{timeframe}, |
aff192e6 DM |
575 | $param->{ds}, $param->{cf}); |
576 | ||
577 | }}); | |
578 | ||
579 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
580 | name => 'rrddata', |
581 | path => 'rrddata', | |
aff192e6 DM |
582 | method => 'GET', |
583 | protected => 1, # fixme: can we avoid that? | |
584 | permissions => { | |
7d020b42 | 585 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
586 | }, |
587 | description => "Read node RRD statistics", | |
588 | parameters => { | |
589 | additionalProperties => 0, | |
590 | properties => { | |
591 | node => get_standard_option('pve-node'), | |
592 | timeframe => { | |
593 | description => "Specify the time frame you are interested in.", | |
594 | type => 'string', | |
595 | enum => [ 'hour', 'day', 'week', 'month', 'year' ], | |
596 | }, | |
597 | cf => { | |
598 | description => "The RRD consolidation function", | |
599 | type => 'string', | |
600 | enum => [ 'AVERAGE', 'MAX' ], | |
601 | optional => 1, | |
602 | }, | |
603 | }, | |
604 | }, | |
605 | returns => { | |
606 | type => "array", | |
607 | items => { | |
608 | type => "object", | |
609 | properties => {}, | |
610 | }, | |
611 | }, | |
612 | code => sub { | |
613 | my ($param) = @_; | |
614 | ||
615 | return PVE::Cluster::create_rrd_data( | |
616 | "pve2-node/$param->{node}", $param->{timeframe}, $param->{cf}); | |
617 | }}); | |
618 | ||
619 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
620 | name => 'syslog', |
621 | path => 'syslog', | |
aff192e6 DM |
622 | method => 'GET', |
623 | description => "Read system log", | |
624 | proxyto => 'node', | |
625 | permissions => { | |
7d020b42 | 626 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], |
aff192e6 DM |
627 | }, |
628 | protected => 1, | |
629 | parameters => { | |
630 | additionalProperties => 0, | |
631 | properties => { | |
632 | node => get_standard_option('pve-node'), | |
633 | start => { | |
634 | type => 'integer', | |
635 | minimum => 0, | |
636 | optional => 1, | |
637 | }, | |
638 | limit => { | |
639 | type => 'integer', | |
640 | minimum => 0, | |
641 | optional => 1, | |
642 | }, | |
01b753b6 TL |
643 | since => { |
644 | type=> 'string', | |
645 | pattern => '^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$', | |
646 | description => "Display all log since this date-time string.", | |
647 | optional => 1, | |
648 | }, | |
649 | until => { | |
650 | type=> 'string', | |
651 | pattern => '^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$', | |
652 | description => "Display all log until this date-time string.", | |
653 | optional => 1, | |
654 | }, | |
34142272 DC |
655 | service => { |
656 | description => "Service ID", | |
657 | type => 'string', | |
658 | maxLength => 128, | |
659 | optional => 1, | |
660 | }, | |
aff192e6 DM |
661 | }, |
662 | }, | |
663 | returns => { | |
664 | type => 'array', | |
f9d26e09 | 665 | items => { |
aff192e6 DM |
666 | type => "object", |
667 | properties => { | |
668 | n => { | |
669 | description=> "Line number", | |
670 | type=> 'integer', | |
671 | }, | |
672 | t => { | |
673 | description=> "Line text", | |
674 | type => 'string', | |
675 | } | |
676 | } | |
677 | } | |
678 | }, | |
679 | code => sub { | |
680 | my ($param) = @_; | |
681 | ||
aff192e6 DM |
682 | my $rpcenv = PVE::RPCEnvironment::get(); |
683 | my $user = $rpcenv->get_user(); | |
684 | my $node = $param->{node}; | |
34142272 DC |
685 | my $service; |
686 | ||
687 | if ($param->{service}) { | |
688 | my $service_aliases = { | |
689 | 'postfix' => 'postfix@-', | |
690 | }; | |
691 | ||
692 | $service = $service_aliases->{$param->{service}} // $param->{service}; | |
693 | } | |
aff192e6 | 694 | |
01b753b6 | 695 | my ($count, $lines) = PVE::Tools::dump_journal($param->{start}, $param->{limit}, |
34142272 | 696 | $param->{since}, $param->{until}, $service); |
ff9c330c DM |
697 | |
698 | $rpcenv->set_result_attrib('total', $count); | |
01b753b6 TL |
699 | |
700 | return $lines; | |
ff9c330c DM |
701 | }}); |
702 | ||
1d397a83 DC |
703 | __PACKAGE__->register_method({ |
704 | name => 'journal', | |
705 | path => 'journal', | |
706 | method => 'GET', | |
707 | description => "Read Journal", | |
708 | proxyto => 'node', | |
709 | permissions => { | |
710 | check => ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]], | |
711 | }, | |
712 | protected => 1, | |
713 | parameters => { | |
714 | additionalProperties => 0, | |
715 | properties => { | |
716 | node => get_standard_option('pve-node'), | |
717 | since => { | |
961399a3 TL |
718 | type=> 'integer', |
719 | minimum => 0, | |
f9b08743 | 720 | description => "Display all log since this UNIX epoch. Conflicts with 'startcursor'.", |
1d397a83 DC |
721 | optional => 1, |
722 | }, | |
723 | until => { | |
961399a3 TL |
724 | type=> 'integer', |
725 | minimum => 0, | |
f9b08743 | 726 | description => "Display all log until this UNIX epoch. Conflicts with 'endcursor'.", |
1d397a83 DC |
727 | optional => 1, |
728 | }, | |
729 | lastentries => { | |
a03cb8b8 | 730 | description => "Limit to the last X lines. Conflicts with a range.", |
1d397a83 | 731 | type => 'integer', |
961399a3 | 732 | minimum => 0, |
1d397a83 DC |
733 | optional => 1, |
734 | }, | |
735 | startcursor => { | |
f9b08743 | 736 | description => "Start after the given Cursor. Conflicts with 'since'", |
1d397a83 DC |
737 | type => 'string', |
738 | optional => 1, | |
739 | }, | |
740 | endcursor => { | |
f9b08743 | 741 | description => "End before the given Cursor. Conflicts with 'until'", |
1d397a83 DC |
742 | type => 'string', |
743 | optional => 1, | |
744 | }, | |
745 | }, | |
746 | }, | |
747 | returns => { | |
748 | type => 'array', | |
749 | items => { | |
750 | type => "string", | |
751 | } | |
752 | }, | |
753 | code => sub { | |
754 | my ($param) = @_; | |
755 | ||
756 | my $rpcenv = PVE::RPCEnvironment::get(); | |
757 | my $user = $rpcenv->get_user(); | |
758 | ||
f9b08743 | 759 | my $cmd = ["/usr/bin/mini-journalreader"]; |
a03cb8b8 TL |
760 | push @$cmd, '-n', $param->{lastentries} if $param->{lastentries}; |
761 | push @$cmd, '-b', $param->{since} if $param->{since}; | |
762 | push @$cmd, '-e', $param->{until} if $param->{until}; | |
763 | push @$cmd, '-f', $param->{startcursor} if $param->{startcursor}; | |
764 | push @$cmd, '-t', $param->{endcursor} if $param->{endcursor}; | |
f9b08743 TL |
765 | |
766 | my $lines = []; | |
767 | my $parser = sub { push @$lines, shift }; | |
1d397a83 DC |
768 | |
769 | PVE::Tools::run_command($cmd, outfunc => $parser); | |
770 | ||
771 | return $lines; | |
772 | }}); | |
773 | ||
aff192e6 DM |
774 | my $sslcert; |
775 | ||
dab7a849 | 776 | my $shell_cmd_map = { |
d03d7e1e TM |
777 | 'login' => [ '/bin/login', '-f', 'root' ], |
778 | 'upgrade' => [ '/usr/bin/pveupgrade', '--shell' ], | |
c3b04731 | 779 | 'ceph_install' => [ '/usr/bin/pveceph', 'install' ], |
d03d7e1e TM |
780 | }; |
781 | ||
782 | sub get_shell_command { | |
783 | my ($user, $shellcmd) = @_; | |
784 | ||
785 | if ($user eq 'root@pam') { | |
fc1da3b0 | 786 | if (defined($shellcmd) && exists($shell_cmd_map->{$shellcmd})) { |
dab7a849 | 787 | return $shell_cmd_map->{$shellcmd}; |
d03d7e1e TM |
788 | } else { |
789 | return [ '/bin/login', '-f', 'root' ]; | |
790 | } | |
791 | } else { | |
792 | return [ '/bin/login' ]; | |
793 | } | |
794 | } | |
795 | ||
aff192e6 | 796 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
797 | name => 'vncshell', |
798 | path => 'vncshell', | |
aff192e6 DM |
799 | method => 'POST', |
800 | protected => 1, | |
801 | permissions => { | |
d0289a19 | 802 | description => "Restricted to users on realm 'pam'", |
7d020b42 | 803 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], |
aff192e6 DM |
804 | }, |
805 | description => "Creates a VNC Shell proxy.", | |
806 | parameters => { | |
807 | additionalProperties => 0, | |
808 | properties => { | |
809 | node => get_standard_option('pve-node'), | |
3a76893d DM |
810 | upgrade => { |
811 | type => 'boolean', | |
2d39fd70 | 812 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
3a76893d DM |
813 | optional => 1, |
814 | default => 0, | |
815 | }, | |
d03d7e1e TM |
816 | cmd => { |
817 | type => 'string', | |
818 | description => "Run specific command or default to login.", | |
dab7a849 | 819 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
820 | optional => 1, |
821 | default => 'login', | |
822 | }, | |
8dfca17e DM |
823 | websocket => { |
824 | optional => 1, | |
825 | type => 'boolean', | |
826 | description => "use websocket instead of standard vnc.", | |
827 | }, | |
b8ac8b0c DC |
828 | width => { |
829 | optional => 1, | |
830 | description => "sets the width of the console in pixels.", | |
831 | type => 'integer', | |
832 | minimum => 16, | |
833 | maximum => 4096, | |
834 | }, | |
835 | height => { | |
836 | optional => 1, | |
837 | description => "sets the height of the console in pixels.", | |
838 | type => 'integer', | |
839 | minimum => 16, | |
840 | maximum => 2160, | |
841 | }, | |
aff192e6 DM |
842 | }, |
843 | }, | |
f9d26e09 | 844 | returns => { |
aff192e6 DM |
845 | additionalProperties => 0, |
846 | properties => { | |
847 | user => { type => 'string' }, | |
848 | ticket => { type => 'string' }, | |
849 | cert => { type => 'string' }, | |
850 | port => { type => 'integer' }, | |
851 | upid => { type => 'string' }, | |
852 | }, | |
853 | }, | |
854 | code => sub { | |
855 | my ($param) = @_; | |
856 | ||
857 | my $rpcenv = PVE::RPCEnvironment::get(); | |
858 | ||
d553e535 | 859 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); |
d0289a19 | 860 | |
f9d26e09 | 861 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
aff192e6 | 862 | |
3a76893d DM |
863 | raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam'; |
864 | ||
aff192e6 DM |
865 | my $node = $param->{node}; |
866 | ||
57ebda08 DM |
867 | my $authpath = "/nodes/$node"; |
868 | ||
869 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath); | |
870 | ||
aff192e6 DM |
871 | $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192) |
872 | if !$sslcert; | |
873 | ||
eb6d7497 | 874 | my ($remip, $family); |
b179a622 | 875 | |
aff192e6 | 876 | if ($node ne PVE::INotify::nodename()) { |
eb6d7497 WB |
877 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); |
878 | } else { | |
879 | $family = PVE::Tools::get_host_address_family($node); | |
aff192e6 DM |
880 | } |
881 | ||
eb6d7497 WB |
882 | my $port = PVE::Tools::next_vnc_port($family); |
883 | ||
aff192e6 DM |
884 | # NOTE: vncterm VNC traffic is already TLS encrypted, |
885 | # so we select the fastest chipher here (or 'none'?) | |
f9d26e09 | 886 | my $remcmd = $remip ? |
cb1b1712 | 887 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : []; |
d4a25f0b | 888 | |
2d39fd70 | 889 | # FIXME: remove with 6.0 |
d03d7e1e TM |
890 | if ($param->{upgrade}) { |
891 | $param->{cmd} = 'upgrade'; | |
3a76893d | 892 | } |
d03d7e1e | 893 | my $shcmd = get_shell_command($user, $param->{cmd}); |
aff192e6 | 894 | |
f9d26e09 | 895 | my $timeout = 10; |
aff192e6 | 896 | |
6d394492 | 897 | my $cmd = ['/usr/bin/vncterm', '-rfbport', $port, |
f9d26e09 | 898 | '-timeout', $timeout, '-authpath', $authpath, |
8dfca17e DM |
899 | '-perm', 'Sys.Console']; |
900 | ||
b8ac8b0c DC |
901 | if ($param->{width}) { |
902 | push @$cmd, '-width', $param->{width}; | |
903 | } | |
904 | ||
905 | if ($param->{height}) { | |
906 | push @$cmd, '-height', $param->{height}; | |
907 | } | |
908 | ||
8dfca17e | 909 | if ($param->{websocket}) { |
f9d26e09 | 910 | $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm |
8dfca17e DM |
911 | push @$cmd, '-notls', '-listen', 'localhost'; |
912 | } | |
913 | ||
914 | push @$cmd, '-c', @$remcmd, @$shcmd; | |
aff192e6 DM |
915 | |
916 | my $realcmd = sub { | |
917 | my $upid = shift; | |
918 | ||
919 | syslog ('info', "starting vnc proxy $upid\n"); | |
920 | ||
6d394492 | 921 | my $cmdstr = join (' ', @$cmd); |
aff192e6 DM |
922 | syslog ('info', "launch command: $cmdstr"); |
923 | ||
f9d26e09 | 924 | eval { |
6d394492 | 925 | foreach my $k (keys %ENV) { |
8dfca17e | 926 | next if $k eq 'PVE_VNC_TICKET'; |
b0d4b407 | 927 | next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME' || $k eq 'LANG' || $k eq 'LANGUAGE'; |
6d394492 DM |
928 | delete $ENV{$k}; |
929 | } | |
930 | $ENV{PWD} = '/'; | |
931 | ||
b0d4b407 | 932 | PVE::Tools::run_command($cmd, errmsg => "vncterm failed", keeplocale => 1); |
6d394492 DM |
933 | }; |
934 | if (my $err = $@) { | |
935 | syslog ('err', $err); | |
aff192e6 DM |
936 | } |
937 | ||
938 | return; | |
939 | }; | |
940 | ||
941 | my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd); | |
f9d26e09 | 942 | |
6806a0f8 | 943 | PVE::Tools::wait_for_vnc_port($port); |
aff192e6 DM |
944 | |
945 | return { | |
946 | user => $user, | |
947 | ticket => $ticket, | |
f9d26e09 TL |
948 | port => $port, |
949 | upid => $upid, | |
950 | cert => $sslcert, | |
aff192e6 DM |
951 | }; |
952 | }}); | |
953 | ||
4b168c27 DC |
954 | __PACKAGE__->register_method ({ |
955 | name => 'termproxy', | |
956 | path => 'termproxy', | |
957 | method => 'POST', | |
958 | protected => 1, | |
959 | permissions => { | |
960 | description => "Restricted to users on realm 'pam'", | |
961 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
962 | }, | |
963 | description => "Creates a VNC Shell proxy.", | |
964 | parameters => { | |
965 | additionalProperties => 0, | |
966 | properties => { | |
967 | node => get_standard_option('pve-node'), | |
968 | upgrade => { | |
969 | type => 'boolean', | |
2d39fd70 | 970 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
4b168c27 DC |
971 | optional => 1, |
972 | default => 0, | |
973 | }, | |
d03d7e1e TM |
974 | cmd => { |
975 | type => 'string', | |
976 | description => "Run specific command or default to login.", | |
dab7a849 | 977 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
978 | optional => 1, |
979 | default => 'login', | |
980 | }, | |
4b168c27 DC |
981 | }, |
982 | }, | |
983 | returns => { | |
984 | additionalProperties => 0, | |
985 | properties => { | |
986 | user => { type => 'string' }, | |
987 | ticket => { type => 'string' }, | |
988 | port => { type => 'integer' }, | |
989 | upid => { type => 'string' }, | |
990 | }, | |
991 | }, | |
992 | code => sub { | |
993 | my ($param) = @_; | |
994 | ||
995 | my $rpcenv = PVE::RPCEnvironment::get(); | |
996 | ||
997 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); | |
998 | ||
999 | raise_perm_exc("realm != pam") if $realm ne 'pam'; | |
1000 | ||
1001 | my $node = $param->{node}; | |
1002 | ||
1003 | my $authpath = "/nodes/$node"; | |
1004 | ||
1005 | my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath); | |
1006 | ||
1007 | my ($remip, $family); | |
1008 | ||
1009 | if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { | |
1010 | ($remip, $family) = PVE::Cluster::remote_node_ip($node); | |
1011 | } else { | |
1012 | $family = PVE::Tools::get_host_address_family($node); | |
1013 | } | |
1014 | ||
1015 | my $port = PVE::Tools::next_vnc_port($family); | |
1016 | ||
1017 | my $remcmd = $remip ? | |
1018 | ['/usr/bin/ssh', '-e', 'none', '-t', $remip , '--'] : []; | |
2d39fd70 | 1019 | # FIXME: remove with 6.0 |
d03d7e1e TM |
1020 | if ($param->{upgrade}) { |
1021 | $param->{cmd} = 'upgrade'; | |
4b168c27 | 1022 | } |
d03d7e1e | 1023 | my $shcmd = get_shell_command($user, $param->{cmd}); |
4b168c27 DC |
1024 | |
1025 | my $realcmd = sub { | |
1026 | my $upid = shift; | |
1027 | ||
1028 | syslog ('info', "starting termproxy $upid\n"); | |
1029 | ||
1030 | my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath, | |
1031 | '--perm', 'Sys.Console', '--']; | |
d03d7e1e | 1032 | push @$cmd, @$remcmd, @$shcmd; |
4b168c27 DC |
1033 | |
1034 | PVE::Tools::run_command($cmd); | |
1035 | }; | |
1036 | ||
1037 | my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd); | |
1038 | ||
1039 | PVE::Tools::wait_for_vnc_port($port); | |
1040 | ||
1041 | return { | |
1042 | user => $user, | |
1043 | ticket => $ticket, | |
1044 | port => $port, | |
1045 | upid => $upid, | |
1046 | }; | |
1047 | }}); | |
1048 | ||
8dfca17e DM |
1049 | __PACKAGE__->register_method({ |
1050 | name => 'vncwebsocket', | |
1051 | path => 'vncwebsocket', | |
1052 | method => 'GET', | |
f9d26e09 | 1053 | permissions => { |
8dfca17e DM |
1054 | description => "Restricted to users on realm 'pam'. You also need to pass a valid ticket (vncticket).", |
1055 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
1056 | }, | |
1057 | description => "Opens a weksocket for VNC traffic.", | |
1058 | parameters => { | |
1059 | additionalProperties => 0, | |
1060 | properties => { | |
1061 | node => get_standard_option('pve-node'), | |
1062 | vncticket => { | |
1063 | description => "Ticket from previous call to vncproxy.", | |
1064 | type => 'string', | |
1065 | maxLength => 512, | |
1066 | }, | |
1067 | port => { | |
1068 | description => "Port number returned by previous vncproxy call.", | |
1069 | type => 'integer', | |
1070 | minimum => 5900, | |
1071 | maximum => 5999, | |
1072 | }, | |
1073 | }, | |
1074 | }, | |
1075 | returns => { | |
1076 | type => "object", | |
1077 | properties => { | |
1078 | port => { type => 'string' }, | |
1079 | }, | |
1080 | }, | |
1081 | code => sub { | |
1082 | my ($param) = @_; | |
1083 | ||
1084 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1085 | ||
1086 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user()); | |
1087 | ||
f9d26e09 | 1088 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
8dfca17e DM |
1089 | |
1090 | my $authpath = "/nodes/$param->{node}"; | |
1091 | ||
1092 | PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $user, $authpath); | |
1093 | ||
1094 | my $port = $param->{port}; | |
f9d26e09 | 1095 | |
8dfca17e DM |
1096 | return { port => $port }; |
1097 | }}); | |
1098 | ||
2d802f8c | 1099 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
1100 | name => 'spiceshell', |
1101 | path => 'spiceshell', | |
2d802f8c DM |
1102 | method => 'POST', |
1103 | protected => 1, | |
1104 | proxyto => 'node', | |
1105 | permissions => { | |
1106 | description => "Restricted to users on realm 'pam'", | |
1107 | check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]], | |
1108 | }, | |
7774df78 | 1109 | description => "Creates a SPICE shell.", |
2d802f8c DM |
1110 | parameters => { |
1111 | additionalProperties => 0, | |
1112 | properties => { | |
1113 | node => get_standard_option('pve-node'), | |
7774df78 | 1114 | proxy => get_standard_option('spice-proxy', { optional => 1 }), |
2d802f8c DM |
1115 | upgrade => { |
1116 | type => 'boolean', | |
2d39fd70 | 1117 | description => "Deprecated, use the 'cmd' property instead! Run 'apt-get dist-upgrade' instead of normal shell.", |
2d802f8c DM |
1118 | optional => 1, |
1119 | default => 0, | |
1120 | }, | |
d03d7e1e TM |
1121 | cmd => { |
1122 | type => 'string', | |
1123 | description => "Run specific command or default to login.", | |
dab7a849 | 1124 | enum => [keys %$shell_cmd_map], |
d03d7e1e TM |
1125 | optional => 1, |
1126 | default => 'login', | |
1127 | }, | |
2d802f8c DM |
1128 | }, |
1129 | }, | |
7774df78 | 1130 | returns => get_standard_option('remote-viewer-config'), |
2d802f8c DM |
1131 | code => sub { |
1132 | my ($param) = @_; | |
1133 | ||
1134 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1135 | my $authuser = $rpcenv->get_user(); | |
1136 | ||
1137 | my ($user, undef, $realm) = PVE::AccessControl::verify_username($authuser); | |
1138 | ||
f9d26e09 | 1139 | raise_perm_exc("realm != pam") if $realm ne 'pam'; |
2d802f8c DM |
1140 | |
1141 | raise_perm_exc('user != root@pam') if $param->{upgrade} && $user ne 'root@pam'; | |
1142 | ||
1143 | my $node = $param->{node}; | |
1144 | my $proxy = $param->{proxy}; | |
2d802f8c DM |
1145 | |
1146 | my $authpath = "/nodes/$node"; | |
b289829f | 1147 | my $permissions = 'Sys.Console'; |
2d39fd70 | 1148 | # FIXME: remove with 6.0 |
d03d7e1e TM |
1149 | if ($param->{upgrade}) { |
1150 | $param->{cmd} = 'upgrade'; | |
2d802f8c | 1151 | } |
d03d7e1e | 1152 | my $shcmd = get_shell_command($user, $param->{cmd}); |
2d802f8c | 1153 | |
b289829f | 1154 | my $title = "Shell on '$node'"; |
2d802f8c | 1155 | |
b289829f | 1156 | return PVE::API2Tools::run_spiceterm($authpath, $permissions, 0, $node, $proxy, $title, $shcmd); |
2d802f8c DM |
1157 | }}); |
1158 | ||
aff192e6 | 1159 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1160 | name => 'dns', |
1161 | path => 'dns', | |
aff192e6 DM |
1162 | method => 'GET', |
1163 | permissions => { | |
7d020b42 | 1164 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
aff192e6 DM |
1165 | }, |
1166 | description => "Read DNS settings.", | |
1167 | proxyto => 'node', | |
1168 | parameters => { | |
1169 | additionalProperties => 0, | |
1170 | properties => { | |
1171 | node => get_standard_option('pve-node'), | |
1172 | }, | |
1173 | }, | |
1174 | returns => { | |
1175 | type => "object", | |
1176 | additionalProperties => 0, | |
1177 | properties => { | |
1178 | search => { | |
1179 | description => "Search domain for host-name lookup.", | |
1180 | type => 'string', | |
1181 | optional => 1, | |
1182 | }, | |
1183 | dns1 => { | |
1184 | description => 'First name server IP address.', | |
1185 | type => 'string', | |
1186 | optional => 1, | |
f9d26e09 | 1187 | }, |
aff192e6 DM |
1188 | dns2 => { |
1189 | description => 'Second name server IP address.', | |
1190 | type => 'string', | |
1191 | optional => 1, | |
f9d26e09 | 1192 | }, |
aff192e6 DM |
1193 | dns3 => { |
1194 | description => 'Third name server IP address.', | |
1195 | type => 'string', | |
1196 | optional => 1, | |
f9d26e09 | 1197 | }, |
aff192e6 DM |
1198 | }, |
1199 | }, | |
1200 | code => sub { | |
1201 | my ($param) = @_; | |
1202 | ||
1203 | my $res = PVE::INotify::read_file('resolvconf'); | |
1204 | ||
1205 | return $res; | |
1206 | }}); | |
1207 | ||
1208 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1209 | name => 'update_dns', |
1210 | path => 'dns', | |
aff192e6 DM |
1211 | method => 'PUT', |
1212 | description => "Write DNS settings.", | |
d0289a19 DM |
1213 | permissions => { |
1214 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
1215 | }, | |
aff192e6 DM |
1216 | proxyto => 'node', |
1217 | protected => 1, | |
1218 | parameters => { | |
1219 | additionalProperties => 0, | |
1220 | properties => { | |
1221 | node => get_standard_option('pve-node'), | |
1222 | search => { | |
1223 | description => "Search domain for host-name lookup.", | |
1224 | type => 'string', | |
1225 | }, | |
1226 | dns1 => { | |
1227 | description => 'First name server IP address.', | |
7a9486a7 | 1228 | type => 'string', format => 'ip', |
aff192e6 | 1229 | optional => 1, |
f9d26e09 | 1230 | }, |
aff192e6 DM |
1231 | dns2 => { |
1232 | description => 'Second name server IP address.', | |
7a9486a7 | 1233 | type => 'string', format => 'ip', |
aff192e6 | 1234 | optional => 1, |
f9d26e09 | 1235 | }, |
aff192e6 DM |
1236 | dns3 => { |
1237 | description => 'Third name server IP address.', | |
7a9486a7 | 1238 | type => 'string', format => 'ip', |
aff192e6 | 1239 | optional => 1, |
f9d26e09 | 1240 | }, |
aff192e6 DM |
1241 | }, |
1242 | }, | |
1243 | returns => { type => "null" }, | |
1244 | code => sub { | |
1245 | my ($param) = @_; | |
1246 | ||
1247 | PVE::INotify::update_file('resolvconf', $param); | |
1248 | ||
1249 | return undef; | |
1250 | }}); | |
1251 | ||
1252 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1253 | name => 'time', |
1254 | path => 'time', | |
aff192e6 DM |
1255 | method => 'GET', |
1256 | permissions => { | |
7d020b42 DM |
1257 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], |
1258 | }, | |
aff192e6 DM |
1259 | description => "Read server time and time zone settings.", |
1260 | proxyto => 'node', | |
1261 | parameters => { | |
1262 | additionalProperties => 0, | |
1263 | properties => { | |
1264 | node => get_standard_option('pve-node'), | |
1265 | }, | |
1266 | }, | |
1267 | returns => { | |
1268 | type => "object", | |
1269 | additionalProperties => 0, | |
1270 | properties => { | |
1271 | timezone => { | |
1272 | description => "Time zone", | |
1273 | type => 'string', | |
1274 | }, | |
1275 | time => { | |
1276 | description => "Seconds since 1970-01-01 00:00:00 UTC.", | |
1277 | type => 'integer', | |
1278 | minimum => 1297163644, | |
bed5fdfc | 1279 | renderer => 'timestamp', |
aff192e6 DM |
1280 | }, |
1281 | localtime => { | |
1282 | description => "Seconds since 1970-01-01 00:00:00 (local time)", | |
1283 | type => 'integer', | |
1284 | minimum => 1297163644, | |
bed5fdfc | 1285 | renderer => 'timestamp_gmt', |
aff192e6 DM |
1286 | }, |
1287 | }, | |
1288 | }, | |
1289 | code => sub { | |
1290 | my ($param) = @_; | |
1291 | ||
1292 | my $ctime = time(); | |
1293 | my $ltime = timegm_nocheck(localtime($ctime)); | |
1294 | my $res = { | |
1295 | timezone => PVE::INotify::read_file('timezone'), | |
bed5fdfc | 1296 | time => $ctime, |
aff192e6 DM |
1297 | localtime => $ltime, |
1298 | }; | |
1299 | ||
1300 | return $res; | |
1301 | }}); | |
1302 | ||
1303 | __PACKAGE__->register_method({ | |
f9d26e09 TL |
1304 | name => 'set_timezone', |
1305 | path => 'time', | |
aff192e6 DM |
1306 | method => 'PUT', |
1307 | description => "Set time zone.", | |
d0289a19 DM |
1308 | permissions => { |
1309 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
1310 | }, | |
aff192e6 DM |
1311 | proxyto => 'node', |
1312 | protected => 1, | |
1313 | parameters => { | |
1314 | additionalProperties => 0, | |
1315 | properties => { | |
1316 | node => get_standard_option('pve-node'), | |
1317 | timezone => { | |
1318 | description => "Time zone. The file '/usr/share/zoneinfo/zone.tab' contains the list of valid names.", | |
1319 | type => 'string', | |
1320 | }, | |
1321 | }, | |
1322 | }, | |
1323 | returns => { type => "null" }, | |
1324 | code => sub { | |
1325 | my ($param) = @_; | |
1326 | ||
1327 | PVE::INotify::write_file('timezone', $param->{timezone}); | |
1328 | ||
1329 | return undef; | |
1330 | }}); | |
1331 | ||
c9164975 | 1332 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1333 | name => 'aplinfo', |
1334 | path => 'aplinfo', | |
c9164975 DM |
1335 | method => 'GET', |
1336 | permissions => { | |
1337 | user => 'all', | |
1338 | }, | |
1339 | description => "Get list of appliances.", | |
1340 | proxyto => 'node', | |
1341 | parameters => { | |
1342 | additionalProperties => 0, | |
1343 | properties => { | |
1344 | node => get_standard_option('pve-node'), | |
1345 | }, | |
1346 | }, | |
1347 | returns => { | |
1348 | type => 'array', | |
1349 | items => { | |
1350 | type => "object", | |
1351 | properties => {}, | |
1352 | }, | |
1353 | }, | |
1354 | code => sub { | |
1355 | my ($param) = @_; | |
1356 | ||
1357 | my $res = []; | |
1358 | ||
1359 | my $list = PVE::APLInfo::load_data(); | |
1360 | ||
1361 | foreach my $template (keys %{$list->{all}}) { | |
1362 | my $pd = $list->{all}->{$template}; | |
1363 | next if $pd->{'package'} eq 'pve-web-news'; | |
1364 | push @$res, $pd; | |
1365 | } | |
1366 | ||
1367 | return $res; | |
1368 | }}); | |
1369 | ||
0532bd28 | 1370 | __PACKAGE__->register_method({ |
f9d26e09 TL |
1371 | name => 'apl_download', |
1372 | path => 'aplinfo', | |
0532bd28 DM |
1373 | method => 'POST', |
1374 | permissions => { | |
1375 | check => ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']], | |
1376 | }, | |
1377 | description => "Download appliance templates.", | |
1378 | proxyto => 'node', | |
1379 | protected => 1, | |
1380 | parameters => { | |
1381 | additionalProperties => 0, | |
1382 | properties => { | |
1383 | node => get_standard_option('pve-node'), | |
82282acf | 1384 | storage => get_standard_option('pve-storage-id', { |
62180d0f | 1385 | description => "The storage where the template will be stored", |
82282acf WL |
1386 | completion => \&PVE::Storage::complete_storage_enabled, |
1387 | }), | |
1388 | template => { type => 'string', | |
1389 | description => "The template wich will downloaded", | |
1390 | maxLength => 255, | |
1391 | completion => \&complete_templet_repo, | |
1392 | }, | |
0532bd28 DM |
1393 | }, |
1394 | }, | |
1395 | returns => { type => "string" }, | |
1396 | code => sub { | |
1397 | my ($param) = @_; | |
1398 | ||
1399 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1400 | ||
1401 | my $user = $rpcenv->get_user(); | |
1402 | ||
1403 | my $node = $param->{node}; | |
1404 | ||
1405 | my $list = PVE::APLInfo::load_data(); | |
1406 | ||
1407 | my $template = $param->{template}; | |
1408 | my $pd = $list->{all}->{$template}; | |
1409 | ||
1410 | raise_param_exc({ template => "no such template"}) if !$pd; | |
1411 | ||
bbcfdc08 | 1412 | my $cfg = PVE::Storage::config(); |
0532bd28 DM |
1413 | my $scfg = PVE::Storage::storage_check_enabled($cfg, $param->{storage}, $node); |
1414 | ||
761a2b31 DM |
1415 | die "unknown template type '$pd->{type}'\n" |
1416 | if !($pd->{type} eq 'openvz' || $pd->{type} eq 'lxc'); | |
0532bd28 | 1417 | |
f9d26e09 | 1418 | die "storage '$param->{storage}' does not support templates\n" |
0532bd28 DM |
1419 | if !$scfg->{content}->{vztmpl}; |
1420 | ||
1421 | my $src = $pd->{location}; | |
1422 | my $tmpldir = PVE::Storage::get_vztmpl_dir($cfg, $param->{storage}); | |
1423 | my $dest = "$tmpldir/$template"; | |
1424 | my $tmpdest = "$tmpldir/${template}.tmp.$$"; | |
1425 | ||
1426 | my $worker = sub { | |
1427 | my $upid = shift; | |
f9d26e09 | 1428 | |
0532bd28 DM |
1429 | print "starting template download from: $src\n"; |
1430 | print "target file: $dest\n"; | |
1431 | ||
3b81e495 FG |
1432 | my $check_hash = sub { |
1433 | my ($template_info, $filename, $noerr) = @_; | |
1434 | ||
1435 | my $digest; | |
1436 | my $expected; | |
1437 | ||
1438 | eval { | |
79be6db3 FG |
1439 | open(my $fh, '<', $filename) or die "Can't open '$filename': $!"; |
1440 | binmode($fh); | |
95f99e8c FG |
1441 | if (defined($template_info->{sha512sum})) { |
1442 | $expected = $template_info->{sha512sum}; | |
79be6db3 | 1443 | $digest = Digest::SHA->new(512)->addfile($fh)->hexdigest; |
95f99e8c | 1444 | } elsif (defined($template_info->{md5sum})) { |
3b81e495 | 1445 | #fallback to MD5 |
95f99e8c | 1446 | $expected = $template_info->{md5sum}; |
3b81e495 | 1447 | $digest = Digest::MD5->new->addfile($fh)->hexdigest; |
3b81e495 FG |
1448 | } else { |
1449 | die "no expected checksum defined"; | |
1450 | } | |
79be6db3 | 1451 | close($fh); |
3b81e495 FG |
1452 | }; |
1453 | ||
1454 | die "checking hash failed - $@\n" if $@ && !$noerr; | |
0532bd28 | 1455 | |
3b81e495 FG |
1456 | return ($digest, $digest ? lc($digest) eq lc($expected) : 0); |
1457 | }; | |
1458 | ||
1459 | eval { | |
0532bd28 | 1460 | if (-f $dest) { |
3b81e495 | 1461 | my ($hash, $correct) = &$check_hash($pd, $dest, 1); |
0532bd28 | 1462 | |
3b81e495 FG |
1463 | if ($hash && $correct) { |
1464 | print "file already exists $hash - no need to download\n"; | |
0532bd28 DM |
1465 | return; |
1466 | } | |
1467 | } | |
1468 | ||
1469 | local %ENV; | |
1470 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
1471 | if ($dccfg->{http_proxy}) { | |
1472 | $ENV{http_proxy} = $dccfg->{http_proxy}; | |
1473 | } | |
1474 | ||
1475 | my @cmd = ('/usr/bin/wget', '--progress=dot:mega', '-O', $tmpdest, $src); | |
1476 | if (system (@cmd) != 0) { | |
1477 | die "download failed - $!\n"; | |
1478 | } | |
1479 | ||
3b81e495 FG |
1480 | my ($hash, $correct) = &$check_hash($pd, $tmpdest); |
1481 | ||
1482 | die "could not calculate checksum\n" if !$hash; | |
f9d26e09 | 1483 | |
3b81e495 FG |
1484 | if (!$correct) { |
1485 | my $expected = $pd->{sha512sum} // $pd->{md5sum}; | |
1486 | die "wrong checksum: $hash != $expected\n"; | |
0532bd28 DM |
1487 | } |
1488 | ||
c351eda9 | 1489 | if (!rename($tmpdest, $dest)) { |
0532bd28 DM |
1490 | die "unable to save file - $!\n"; |
1491 | } | |
1492 | }; | |
1493 | my $err = $@; | |
1494 | ||
1495 | unlink $tmpdest; | |
1496 | ||
1497 | if ($err) { | |
1498 | print "\n"; | |
1499 | die $err if $err; | |
1500 | } | |
1501 | ||
1502 | print "download finished\n"; | |
1503 | }; | |
1504 | ||
1505 | return $rpcenv->fork_worker('download', undef, $user, $worker); | |
1506 | }}); | |
1507 | ||
34ada77a EK |
1508 | __PACKAGE__->register_method({ |
1509 | name => 'report', | |
1510 | path => 'report', | |
1511 | method => 'GET', | |
1512 | permissions => { | |
1513 | check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], | |
1514 | }, | |
6bbdf981 | 1515 | protected => 1, |
34ada77a EK |
1516 | description => "Gather various systems information about a node", |
1517 | proxyto => 'node', | |
1518 | parameters => { | |
1519 | additionalProperties => 0, | |
1520 | properties => { | |
1521 | node => get_standard_option('pve-node'), | |
1522 | }, | |
1523 | }, | |
1524 | returns => { | |
cdb5a209 | 1525 | type => 'string', |
34ada77a EK |
1526 | }, |
1527 | code => sub { | |
cdb5a209 | 1528 | return PVE::Report::generate(); |
34ada77a | 1529 | }}); |
0532bd28 | 1530 | |
b72cdbb7 TL |
1531 | # returns a list of VMIDs, those can be filtered by |
1532 | # * current parent node | |
1533 | # * vmid whitelist | |
1534 | # * guest is a template (default: skip) | |
1535 | # * guest is HA manged (default: skip) | |
1536 | my $get_filtered_vmlist = sub { | |
1537 | my ($nodename, $vmfilter, $templates, $ha_managed) = @_; | |
b92400b6 | 1538 | |
b92400b6 DM |
1539 | my $vmlist = PVE::Cluster::get_vmlist(); |
1540 | ||
b72cdbb7 | 1541 | my $vms_allowed = {}; |
2a498506 | 1542 | if (defined($vmfilter)) { |
2a498506 | 1543 | foreach my $vmid (PVE::Tools::split_list($vmfilter)) { |
b72cdbb7 | 1544 | $vms_allowed->{$vmid} = 1; |
2a498506 DC |
1545 | } |
1546 | } | |
1547 | ||
b72cdbb7 | 1548 | my $res = {}; |
b92400b6 | 1549 | foreach my $vmid (keys %{$vmlist->{ids}}) { |
b72cdbb7 | 1550 | next if %$vms_allowed && !$vms_allowed->{$vmid}; |
b92400b6 | 1551 | |
b72cdbb7 TL |
1552 | my $d = $vmlist->{ids}->{$vmid}; |
1553 | next if $nodename && $d->{node} ne $nodename; | |
b92400b6 | 1554 | |
b72cdbb7 TL |
1555 | eval { |
1556 | my $class; | |
2c27e4b7 | 1557 | if ($d->{type} eq 'lxc') { |
b72cdbb7 | 1558 | $class = 'PVE::LXC::Config'; |
2c27e4b7 | 1559 | } elsif ($d->{type} eq 'qemu') { |
b72cdbb7 | 1560 | $class = 'PVE::QemuConfig'; |
b92400b6 DM |
1561 | } else { |
1562 | die "unknown VM type '$d->{type}'\n"; | |
1563 | } | |
1564 | ||
b72cdbb7 TL |
1565 | my $conf = $class->load_config($vmid); |
1566 | return if !$templates && $class->is_template($conf); | |
1567 | return if !$ha_managed && PVE::HA::Config::vm_is_ha_managed($vmid); | |
04b2004b | 1568 | |
b2bb6d77 | 1569 | $res->{$vmid}->{conf} = $conf; |
b72cdbb7 | 1570 | $res->{$vmid}->{type} = $d->{type}; |
1c8dc310 | 1571 | $res->{$vmid}->{class} = $class; |
b92400b6 DM |
1572 | }; |
1573 | warn $@ if $@; | |
1574 | } | |
1575 | ||
b72cdbb7 TL |
1576 | return $res; |
1577 | }; | |
1578 | ||
1579 | # return all VMs which should get started/stopped on power up/down | |
1580 | my $get_start_stop_list = sub { | |
1581 | my ($nodename, $autostart, $vmfilter) = @_; | |
1582 | ||
ae9d10ca TL |
1583 | # do not skip HA vms on force or if a specific VMID set is wanted |
1584 | my $include_ha_managed = defined($vmfilter) ? 1 : 0; | |
1585 | ||
1586 | my $vmlist = &$get_filtered_vmlist($nodename, $vmfilter, undef, $include_ha_managed); | |
b72cdbb7 TL |
1587 | |
1588 | my $resList = {}; | |
1589 | foreach my $vmid (keys %$vmlist) { | |
b2bb6d77 | 1590 | my $conf = $vmlist->{$vmid}->{conf}; |
b72cdbb7 TL |
1591 | |
1592 | next if $autostart && !$conf->{onboot}; | |
1593 | ||
1594 | my $startup = {}; | |
1595 | if ($conf->{startup}) { | |
1596 | $startup = PVE::JSONSchema::pve_parse_startup_order($conf->{startup}); | |
1597 | } | |
1598 | ||
1599 | $startup->{order} = LONG_MAX if !defined($startup->{order}); | |
1600 | ||
1601 | $resList->{$startup->{order}}->{$vmid} = $startup; | |
23b54109 | 1602 | $resList->{$startup->{order}}->{$vmid}->{type} = $vmlist->{$vmid}->{type}; |
b72cdbb7 TL |
1603 | } |
1604 | ||
b92400b6 DM |
1605 | return $resList; |
1606 | }; | |
1607 | ||
1c8dc310 TL |
1608 | my $remove_locks_on_startup = sub { |
1609 | my ($nodename) = @_; | |
1610 | ||
1611 | my $vmlist = &$get_filtered_vmlist($nodename, undef, undef, 1); | |
1612 | ||
1613 | foreach my $vmid (keys %$vmlist) { | |
1614 | my $conf = $vmlist->{$vmid}->{conf}; | |
23b54109 | 1615 | my $class = $vmlist->{$vmid}->{class}; |
1c8dc310 TL |
1616 | |
1617 | eval { | |
1618 | if ($class->has_lock($conf, 'backup')) { | |
1619 | $class->remove_lock($vmid, 'backup'); | |
1620 | my $msg = "removed left over backup lock from '$vmid'!"; | |
1621 | warn "$msg\n"; # prints to task log | |
1622 | syslog('warning', $msg); | |
1623 | } | |
1624 | }; warn $@ if $@; | |
1625 | } | |
1626 | }; | |
1627 | ||
b92400b6 | 1628 | __PACKAGE__->register_method ({ |
f9d26e09 TL |
1629 | name => 'startall', |
1630 | path => 'startall', | |
b92400b6 DM |
1631 | method => 'POST', |
1632 | protected => 1, | |
17e3b3b2 CS |
1633 | permissions => { |
1634 | check => ['perm', '/', [ 'VM.PowerMgmt' ]], | |
1635 | }, | |
9c8a09a7 | 1636 | proxyto => 'node', |
b92400b6 DM |
1637 | description => "Start all VMs and containers (when onboot=1).", |
1638 | parameters => { | |
1639 | additionalProperties => 0, | |
1640 | properties => { | |
1641 | node => get_standard_option('pve-node'), | |
c09c7160 AD |
1642 | force => { |
1643 | optional => 1, | |
1644 | type => 'boolean', | |
1645 | description => "force if onboot=0.", | |
1646 | }, | |
2a498506 DC |
1647 | vms => { |
1648 | description => "Only consider Guests with these IDs.", | |
1649 | type => 'string', format => 'pve-vmid-list', | |
1650 | optional => 1, | |
1651 | }, | |
b92400b6 DM |
1652 | }, |
1653 | }, | |
1654 | returns => { | |
1655 | type => 'string', | |
1656 | }, | |
1657 | code => sub { | |
1658 | my ($param) = @_; | |
1659 | ||
1660 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1661 | my $authuser = $rpcenv->get_user(); | |
1662 | ||
1663 | my $nodename = $param->{node}; | |
1664 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1665 | ||
c09c7160 AD |
1666 | my $force = $param->{force}; |
1667 | ||
b92400b6 DM |
1668 | my $code = sub { |
1669 | ||
1670 | $rpcenv->{type} = 'priv'; # to start tasks in background | |
1671 | ||
3947d0a0 DM |
1672 | if (!PVE::Cluster::check_cfs_quorum(1)) { |
1673 | print "waiting for quorum ...\n"; | |
1674 | do { | |
1675 | sleep(1); | |
1676 | } while (!PVE::Cluster::check_cfs_quorum(1)); | |
1677 | print "got quorum\n"; | |
b92400b6 | 1678 | } |
1c8dc310 TL |
1679 | |
1680 | eval { # remove backup locks, but avoid running into a scheduled backup job | |
1681 | PVE::Tools::lock_file('/var/run/vzdump.lock', 10, $remove_locks_on_startup, $nodename); | |
1682 | }; warn $@ if $@; | |
1683 | ||
c09c7160 | 1684 | my $autostart = $force ? undef : 1; |
2a498506 | 1685 | my $startList = &$get_start_stop_list($nodename, $autostart, $param->{vms}); |
3f12bcfb DM |
1686 | |
1687 | # Note: use numeric sorting with <=> | |
5eec2b04 | 1688 | foreach my $order (sort {$a <=> $b} keys %$startList) { |
b92400b6 DM |
1689 | my $vmlist = $startList->{$order}; |
1690 | ||
3f12bcfb | 1691 | foreach my $vmid (sort {$a <=> $b} keys %$vmlist) { |
b92400b6 DM |
1692 | my $d = $vmlist->{$vmid}; |
1693 | ||
1694 | PVE::Cluster::check_cfs_quorum(); # abort when we loose quorum | |
b72cdbb7 | 1695 | |
b92400b6 DM |
1696 | eval { |
1697 | my $default_delay = 0; | |
1698 | my $upid; | |
c6bb5891 | 1699 | my $typeText = ''; |
b92400b6 | 1700 | |
2c27e4b7 | 1701 | if ($d->{type} eq 'lxc') { |
c6bb5891 | 1702 | $typeText = 'CT'; |
2c27e4b7 DM |
1703 | return if PVE::LXC::check_running($vmid); |
1704 | print STDERR "Starting CT $vmid\n"; | |
1b5e56f2 | 1705 | $upid = PVE::API2::LXC::Status->vm_start({node => $nodename, vmid => $vmid }); |
2c27e4b7 | 1706 | } elsif ($d->{type} eq 'qemu') { |
c6bb5891 | 1707 | $typeText = 'VM'; |
d6c49392 | 1708 | $default_delay = 3; # to reduce load |
b92400b6 DM |
1709 | return if PVE::QemuServer::check_running($vmid, 1); |
1710 | print STDERR "Starting VM $vmid\n"; | |
1711 | $upid = PVE::API2::Qemu->vm_start({node => $nodename, vmid => $vmid }); | |
1712 | } else { | |
1713 | die "unknown VM type '$d->{type}'\n"; | |
1714 | } | |
1715 | ||
1716 | my $res = PVE::Tools::upid_decode($upid); | |
1717 | while (PVE::ProcFSTools::check_process_running($res->{pid})) { | |
1718 | sleep(1); | |
1719 | } | |
1720 | ||
1721 | my $status = PVE::Tools::upid_read_status($upid); | |
1722 | if ($status eq 'OK') { | |
1723 | # use default delay to reduce load | |
1724 | my $delay = defined($d->{up}) ? int($d->{up}) : $default_delay; | |
1725 | if ($delay > 0) { | |
1726 | print STDERR "Waiting for $delay seconds (startup delay)\n" if $d->{up}; | |
1727 | for (my $i = 0; $i < $delay; $i++) { | |
1728 | sleep(1); | |
1729 | } | |
1730 | } | |
1731 | } else { | |
c6bb5891 | 1732 | print STDERR "Starting $typeText $vmid failed: $status\n"; |
b92400b6 DM |
1733 | } |
1734 | }; | |
1735 | warn $@ if $@; | |
1736 | } | |
1737 | } | |
1738 | return; | |
1739 | }; | |
1740 | ||
1741 | return $rpcenv->fork_worker('startall', undef, $authuser, $code); | |
1742 | }}); | |
1743 | ||
1744 | my $create_stop_worker = sub { | |
1745 | my ($nodename, $type, $vmid, $down_timeout) = @_; | |
1746 | ||
1747 | my $upid; | |
2c27e4b7 DM |
1748 | if ($type eq 'lxc') { |
1749 | return if !PVE::LXC::check_running($vmid); | |
1750 | my $timeout = defined($down_timeout) ? int($down_timeout) : 60; | |
1751 | print STDERR "Stopping CT $vmid (timeout = $timeout seconds)\n"; | |
1b5e56f2 | 1752 | $upid = PVE::API2::LXC::Status->vm_shutdown({node => $nodename, vmid => $vmid, |
2c27e4b7 DM |
1753 | timeout => $timeout, forceStop => 1 }); |
1754 | } elsif ($type eq 'qemu') { | |
b92400b6 DM |
1755 | return if !PVE::QemuServer::check_running($vmid, 1); |
1756 | my $timeout = defined($down_timeout) ? int($down_timeout) : 60*3; | |
88ba9a1d | 1757 | print STDERR "Stopping VM $vmid (timeout = $timeout seconds)\n"; |
f9d26e09 | 1758 | $upid = PVE::API2::Qemu->vm_shutdown({node => $nodename, vmid => $vmid, |
b92400b6 DM |
1759 | timeout => $timeout, forceStop => 1 }); |
1760 | } else { | |
1761 | die "unknown VM type '$type'\n"; | |
1762 | } | |
1763 | ||
37bec895 | 1764 | return $upid; |
b92400b6 DM |
1765 | }; |
1766 | ||
1767 | __PACKAGE__->register_method ({ | |
f9d26e09 TL |
1768 | name => 'stopall', |
1769 | path => 'stopall', | |
b92400b6 DM |
1770 | method => 'POST', |
1771 | protected => 1, | |
17e3b3b2 CS |
1772 | permissions => { |
1773 | check => ['perm', '/', [ 'VM.PowerMgmt' ]], | |
1774 | }, | |
9c8a09a7 | 1775 | proxyto => 'node', |
b92400b6 DM |
1776 | description => "Stop all VMs and Containers.", |
1777 | parameters => { | |
1778 | additionalProperties => 0, | |
1779 | properties => { | |
1780 | node => get_standard_option('pve-node'), | |
2a498506 DC |
1781 | vms => { |
1782 | description => "Only consider Guests with these IDs.", | |
1783 | type => 'string', format => 'pve-vmid-list', | |
1784 | optional => 1, | |
1785 | }, | |
b92400b6 DM |
1786 | }, |
1787 | }, | |
1788 | returns => { | |
1789 | type => 'string', | |
1790 | }, | |
1791 | code => sub { | |
1792 | my ($param) = @_; | |
1793 | ||
1794 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1795 | my $authuser = $rpcenv->get_user(); | |
1796 | ||
1797 | my $nodename = $param->{node}; | |
1798 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1799 | ||
1800 | my $code = sub { | |
1801 | ||
1802 | $rpcenv->{type} = 'priv'; # to start tasks in background | |
1803 | ||
2a498506 | 1804 | my $stopList = &$get_start_stop_list($nodename, undef, $param->{vms}); |
b92400b6 DM |
1805 | |
1806 | my $cpuinfo = PVE::ProcFSTools::read_cpuinfo(); | |
89ceb802 TL |
1807 | my $datacenterconfig = cfs_read_file('datacenter.cfg'); |
1808 | # if not set by user spawn max cpu count number of workers | |
1809 | my $maxWorkers = $datacenterconfig->{max_workers} || $cpuinfo->{cpus}; | |
b92400b6 DM |
1810 | |
1811 | foreach my $order (sort {$b <=> $a} keys %$stopList) { | |
1812 | my $vmlist = $stopList->{$order}; | |
1813 | my $workers = {}; | |
37bec895 DM |
1814 | |
1815 | my $finish_worker = sub { | |
1816 | my $pid = shift; | |
1817 | my $d = $workers->{$pid}; | |
1818 | return if !$d; | |
1819 | delete $workers->{$pid}; | |
1820 | ||
1821 | syslog('info', "end task $d->{upid}"); | |
1822 | }; | |
1823 | ||
b92400b6 DM |
1824 | foreach my $vmid (sort {$b <=> $a} keys %$vmlist) { |
1825 | my $d = $vmlist->{$vmid}; | |
37bec895 DM |
1826 | my $upid; |
1827 | eval { $upid = &$create_stop_worker($nodename, $d->{type}, $vmid, $d->{down}); }; | |
b92400b6 | 1828 | warn $@ if $@; |
37bec895 DM |
1829 | next if !$upid; |
1830 | ||
1831 | my $res = PVE::Tools::upid_decode($upid, 1); | |
1832 | next if !$res; | |
1833 | ||
1834 | my $pid = $res->{pid}; | |
1835 | ||
1836 | $workers->{$pid} = { type => $d->{type}, upid => $upid, vmid => $vmid }; | |
b92400b6 DM |
1837 | while (scalar(keys %$workers) >= $maxWorkers) { |
1838 | foreach my $p (keys %$workers) { | |
1839 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
37bec895 | 1840 | &$finish_worker($p); |
b92400b6 DM |
1841 | } |
1842 | } | |
1843 | sleep(1); | |
1844 | } | |
1845 | } | |
1846 | while (scalar(keys %$workers)) { | |
1847 | foreach my $p (keys %$workers) { | |
1848 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
37bec895 | 1849 | &$finish_worker($p); |
b92400b6 DM |
1850 | } |
1851 | } | |
1852 | sleep(1); | |
1853 | } | |
1854 | } | |
37bec895 DM |
1855 | |
1856 | syslog('info', "all VMs and CTs stopped"); | |
1857 | ||
b92400b6 DM |
1858 | return; |
1859 | }; | |
1860 | ||
1861 | return $rpcenv->fork_worker('stopall', undef, $authuser, $code); | |
b92400b6 DM |
1862 | }}); |
1863 | ||
9c8a09a7 AD |
1864 | my $create_migrate_worker = sub { |
1865 | my ($nodename, $type, $vmid, $target) = @_; | |
1866 | ||
1867 | my $upid; | |
2c27e4b7 DM |
1868 | if ($type eq 'lxc') { |
1869 | my $online = PVE::LXC::check_running($vmid) ? 1 : 0; | |
1870 | print STDERR "Migrating CT $vmid\n"; | |
1871 | $upid = PVE::API2::LXC->migrate_vm({node => $nodename, vmid => $vmid, target => $target, | |
e5045607 | 1872 | restart => $online }); |
2c27e4b7 | 1873 | } elsif ($type eq 'qemu') { |
9c8a09a7 AD |
1874 | my $online = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0; |
1875 | print STDERR "Migrating VM $vmid\n"; | |
1876 | $upid = PVE::API2::Qemu->migrate_vm({node => $nodename, vmid => $vmid, target => $target, | |
2c27e4b7 | 1877 | online => $online }); |
9c8a09a7 AD |
1878 | } else { |
1879 | die "unknown VM type '$type'\n"; | |
1880 | } | |
1881 | ||
1882 | my $res = PVE::Tools::upid_decode($upid); | |
1883 | ||
1884 | return $res->{pid}; | |
1885 | }; | |
1886 | ||
1887 | __PACKAGE__->register_method ({ | |
1888 | name => 'migrateall', | |
1889 | path => 'migrateall', | |
1890 | method => 'POST', | |
1891 | proxyto => 'node', | |
1892 | protected => 1, | |
17e3b3b2 CS |
1893 | permissions => { |
1894 | check => ['perm', '/', [ 'VM.Migrate' ]], | |
1895 | }, | |
9c8a09a7 AD |
1896 | description => "Migrate all VMs and Containers.", |
1897 | parameters => { | |
1898 | additionalProperties => 0, | |
1899 | properties => { | |
1900 | node => get_standard_option('pve-node'), | |
1901 | target => get_standard_option('pve-node', { description => "Target node." }), | |
1902 | maxworkers => { | |
89ceb802 TL |
1903 | description => "Maximal number of parallel migration job." . |
1904 | " If not set use 'max_workers' from datacenter.cfg," . | |
1905 | " one of both must be set!", | |
1906 | optional => 1, | |
9c8a09a7 AD |
1907 | type => 'integer', |
1908 | minimum => 1 | |
1909 | }, | |
2a498506 DC |
1910 | vms => { |
1911 | description => "Only consider Guests with these IDs.", | |
1912 | type => 'string', format => 'pve-vmid-list', | |
1913 | optional => 1, | |
1914 | }, | |
9c8a09a7 AD |
1915 | }, |
1916 | }, | |
1917 | returns => { | |
1918 | type => 'string', | |
1919 | }, | |
1920 | code => sub { | |
1921 | my ($param) = @_; | |
1922 | ||
1923 | my $rpcenv = PVE::RPCEnvironment::get(); | |
1924 | my $authuser = $rpcenv->get_user(); | |
1925 | ||
1926 | my $nodename = $param->{node}; | |
1927 | $nodename = PVE::INotify::nodename() if $nodename eq 'localhost'; | |
1928 | ||
73981e39 DC |
1929 | my $target = $param->{target}; |
1930 | raise_param_exc({ target => "target is local node."}) if $target eq $nodename; | |
1931 | ||
1932 | PVE::Cluster::check_cfs_quorum(); | |
1933 | ||
1934 | PVE::Cluster::check_node_exists($target); | |
89ceb802 TL |
1935 | |
1936 | my $datacenterconfig = cfs_read_file('datacenter.cfg'); | |
1937 | # prefer parameter over datacenter cfg settings | |
1938 | my $maxWorkers = $param->{maxworkers} || $datacenterconfig->{max_workers} || | |
1939 | die "either 'maxworkers' parameter or max_workers in datacenter.cfg must be set!\n"; | |
9c8a09a7 AD |
1940 | |
1941 | my $code = sub { | |
9c8a09a7 AD |
1942 | $rpcenv->{type} = 'priv'; # to start tasks in background |
1943 | ||
f5c1dde5 | 1944 | my $vmlist = &$get_filtered_vmlist($nodename, $param->{vms}, 1, 1); |
9c8a09a7 | 1945 | |
f5c1dde5 TL |
1946 | my $workers = {}; |
1947 | foreach my $vmid (sort keys %$vmlist) { | |
1948 | my $d = $vmlist->{$vmid}; | |
1949 | my $pid; | |
1950 | eval { $pid = &$create_migrate_worker($nodename, $d->{type}, $vmid, $target); }; | |
1951 | warn $@ if $@; | |
1952 | next if !$pid; | |
9c8a09a7 | 1953 | |
f5c1dde5 TL |
1954 | $workers->{$pid} = 1; |
1955 | while (scalar(keys %$workers) >= $maxWorkers) { | |
9c8a09a7 AD |
1956 | foreach my $p (keys %$workers) { |
1957 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
1958 | delete $workers->{$p}; | |
1959 | } | |
1960 | } | |
1961 | sleep(1); | |
1962 | } | |
1963 | } | |
f5c1dde5 TL |
1964 | while (scalar(keys %$workers)) { |
1965 | foreach my $p (keys %$workers) { | |
1966 | if (!PVE::ProcFSTools::check_process_running($p)) { | |
1967 | delete $workers->{$p}; | |
1968 | } | |
1969 | } | |
1970 | sleep(1); | |
1971 | } | |
9c8a09a7 AD |
1972 | return; |
1973 | }; | |
1974 | ||
1975 | return $rpcenv->fork_worker('migrateall', undef, $authuser, $code); | |
1976 | ||
1977 | }}); | |
1978 | ||
820d0458 DC |
1979 | __PACKAGE__->register_method ({ |
1980 | name => 'get_etc_hosts', | |
1981 | path => 'hosts', | |
1982 | method => 'GET', | |
1983 | proxyto => 'node', | |
1984 | protected => 1, | |
1985 | permissions => { | |
1986 | check => ['perm', '/', [ 'Sys.Audit' ]], | |
1987 | }, | |
1988 | description => "Get the content of /etc/hosts.", | |
1989 | parameters => { | |
1990 | additionalProperties => 0, | |
1991 | properties => { | |
1992 | node => get_standard_option('pve-node'), | |
1993 | }, | |
1994 | }, | |
1995 | returns => { | |
1996 | type => 'object', | |
1997 | properties => { | |
1998 | digest => get_standard_option('pve-config-digest'), | |
1999 | data => { | |
2000 | type => 'string', | |
2001 | description => 'The content of /etc/hosts.' | |
2002 | }, | |
2003 | }, | |
2004 | }, | |
2005 | code => sub { | |
2006 | my ($param) = @_; | |
2007 | ||
2008 | return PVE::INotify::read_file('etchosts'); | |
2009 | ||
2010 | }}); | |
2011 | ||
2012 | __PACKAGE__->register_method ({ | |
2013 | name => 'write_etc_hosts', | |
2014 | path => 'hosts', | |
2015 | method => 'POST', | |
2016 | proxyto => 'node', | |
2017 | protected => 1, | |
2018 | permissions => { | |
2019 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
2020 | }, | |
2021 | description => "Write /etc/hosts.", | |
2022 | parameters => { | |
2023 | additionalProperties => 0, | |
2024 | properties => { | |
2025 | node => get_standard_option('pve-node'), | |
2026 | digest => get_standard_option('pve-config-digest'), | |
2027 | data => { | |
2028 | type => 'string', | |
2029 | description => 'The target content of /etc/hosts.' | |
2030 | }, | |
2031 | }, | |
2032 | }, | |
2033 | returns => { | |
2034 | type => 'null', | |
2035 | }, | |
2036 | code => sub { | |
2037 | my ($param) = @_; | |
2038 | ||
2039 | PVE::Tools::lock_file('/var/lock/pve-etchosts.lck', undef, sub{ | |
2040 | if ($param->{digest}) { | |
2041 | my $hosts = PVE::INotify::read_file('etchosts'); | |
2042 | PVE::Tools::assert_if_modified($hosts->{digest}, $param->{digest}); | |
2043 | } | |
2044 | PVE::INotify::write_file('etchosts', $param->{data}); | |
2045 | }); | |
2046 | die $@ if $@; | |
2047 | ||
2048 | return undef; | |
2049 | }}); | |
2050 | ||
82282acf WL |
2051 | # bash completion helper |
2052 | ||
2053 | sub complete_templet_repo { | |
2054 | my ($cmdname, $pname, $cvalue) = @_; | |
2055 | ||
2056 | my $repo = PVE::APLInfo::load_data(); | |
2057 | my $res = []; | |
2058 | foreach my $templ (keys %{$repo->{all}}) { | |
2059 | next if $templ !~ m/^$cvalue/; | |
2060 | push @$res, $templ; | |
2061 | } | |
2062 | ||
2063 | return $res; | |
2064 | } | |
2065 | ||
aff192e6 DM |
2066 | package PVE::API2::Nodes; |
2067 | ||
2068 | use strict; | |
2069 | use warnings; | |
2070 | ||
2071 | use PVE::SafeSyslog; | |
2072 | use PVE::Cluster; | |
2073 | use PVE::RESTHandler; | |
2074 | use PVE::RPCEnvironment; | |
b193e4ac | 2075 | use PVE::API2Tools; |
f57cbe5d | 2076 | use PVE::JSONSchema qw(get_standard_option); |
aff192e6 DM |
2077 | |
2078 | use base qw(PVE::RESTHandler); | |
2079 | ||
2080 | __PACKAGE__->register_method ({ | |
f9d26e09 | 2081 | subclass => "PVE::API2::Nodes::Nodeinfo", |
aff192e6 DM |
2082 | path => '{node}', |
2083 | }); | |
2084 | ||
2085 | __PACKAGE__->register_method ({ | |
f9d26e09 TL |
2086 | name => 'index', |
2087 | path => '', | |
aff192e6 DM |
2088 | method => 'GET', |
2089 | permissions => { user => 'all' }, | |
2090 | description => "Cluster node index.", | |
2091 | parameters => { | |
2092 | additionalProperties => 0, | |
2093 | properties => {}, | |
2094 | }, | |
2095 | returns => { | |
2096 | type => 'array', | |
2097 | items => { | |
2098 | type => "object", | |
f57cbe5d DM |
2099 | properties => { |
2100 | node => get_standard_option('pve-node'), | |
2101 | status => { | |
2102 | description => "Node status.", | |
2103 | type => 'string', | |
2104 | enum => ['unknown', 'online', 'offline'], | |
2105 | }, | |
2106 | cpu => { | |
2107 | description => "CPU utilization.", | |
2108 | type => 'number', | |
2109 | optional => 1, | |
2110 | renderer => 'fraction_as_percentage', | |
2111 | }, | |
2112 | maxcpu => { | |
2113 | description => "Number of available CPUs.", | |
2114 | type => 'integer', | |
2115 | optional => 1, | |
2116 | }, | |
2117 | mem => { | |
2118 | description => "Used memory in bytes.", | |
2119 | type => 'string', | |
2120 | optional => 1, | |
2121 | renderer => 'bytes', | |
2122 | }, | |
2123 | maxmem => { | |
2124 | description => "Number of available memory in bytes.", | |
2125 | type => 'integer', | |
2126 | optional => 1, | |
2127 | renderer => 'bytes', | |
2128 | }, | |
2129 | level => { | |
2130 | description => "Support level.", | |
2131 | type => 'string', | |
2132 | optional => 1, | |
2133 | }, | |
2134 | uptime => { | |
2135 | description => "Node uptime in seconds.", | |
2136 | type => 'integer', | |
2137 | optional => 1, | |
2138 | renderer => 'duration', | |
2139 | }, | |
2140 | ssl_fingerprint => { | |
2141 | description => "The SSL fingerprint for the node certificate.", | |
2142 | type => 'string', | |
2143 | optional => 1, | |
2144 | }, | |
2145 | }, | |
aff192e6 | 2146 | }, |
b193e4ac | 2147 | links => [ { rel => 'child', href => "{node}" } ], |
aff192e6 DM |
2148 | }, |
2149 | code => sub { | |
2150 | my ($param) = @_; | |
f9d26e09 | 2151 | |
57d56896 TL |
2152 | my $rpcenv = PVE::RPCEnvironment::get(); |
2153 | my $authuser = $rpcenv->get_user(); | |
2154 | ||
aff192e6 DM |
2155 | my $clinfo = PVE::Cluster::get_clinfo(); |
2156 | my $res = []; | |
2157 | ||
b193e4ac DM |
2158 | my $nodelist = PVE::Cluster::get_nodelist(); |
2159 | my $members = PVE::Cluster::get_members(); | |
aff192e6 DM |
2160 | my $rrd = PVE::Cluster::rrd_dump(); |
2161 | ||
b193e4ac | 2162 | foreach my $node (@$nodelist) { |
57d56896 TL |
2163 | my $can_audit = $rpcenv->check($authuser, "/nodes/$node", [ 'Sys.Audit' ], 1); |
2164 | my $entry = PVE::API2Tools::extract_node_stats($node, $members, $rrd, !$can_audit); | |
16efab9e | 2165 | $entry->{ssl_fingerprint} = PVE::Cluster::get_node_fingerprint($node); |
aff192e6 DM |
2166 | push @$res, $entry; |
2167 | } | |
2168 | ||
2169 | return $res; | |
2170 | }}); | |
2171 | ||
2172 | 1; |