]>
Commit | Line | Data |
---|---|---|
21ace8d3 DM |
1 | package PVE::API2::Subscription; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use Digest::MD5 qw(md5_hex md5_base64); | |
6 | use MIME::Base64; | |
7 | use HTTP::Request; | |
8 | use LWP::UserAgent; | |
43fc27a4 | 9 | use JSON; |
21ace8d3 | 10 | |
d017de1f FG |
11 | use Proxmox::RS::Subscription; |
12 | ||
21ace8d3 | 13 | use PVE::Tools; |
8f9217dc | 14 | use PVE::ProcFSTools; |
21ace8d3 DM |
15 | use PVE::Exception qw(raise_param_exc); |
16 | use PVE::INotify; | |
17 | use PVE::Cluster qw (cfs_read_file cfs_write_file); | |
3ac3653e | 18 | use PVE::DataCenterConfig; |
21ace8d3 DM |
19 | use PVE::AccessControl; |
20 | use PVE::Storage; | |
21 | use PVE::JSONSchema qw(get_standard_option); | |
22 | ||
23 | use PVE::SafeSyslog; | |
24 | ||
25 | use PVE::API2Tools; | |
26 | use PVE::RESTHandler; | |
27 | ||
28 | use base qw(PVE::RESTHandler); | |
29 | ||
9fdfebf7 | 30 | my $subscription_pattern = 'pve([1248])([cbsp])-[0-9a-f]{10}'; |
d017de1f | 31 | my $filename = "/etc/subscription"; |
21ace8d3 | 32 | |
21ace8d3 | 33 | sub get_sockets { |
8f9217dc DM |
34 | my $info = PVE::ProcFSTools::read_cpuinfo(); |
35 | return $info->{sockets}; | |
21ace8d3 DM |
36 | } |
37 | ||
38 | sub parse_key { | |
43fc27a4 | 39 | my ($key, $noerr) = @_; |
21ace8d3 | 40 | |
43fc27a4 | 41 | if ($key =~ m/^${subscription_pattern}$/) { |
16b69b6c | 42 | return wantarray ? ($1, $2) : $1; # number of sockets, level |
21ace8d3 | 43 | } |
43fc27a4 DM |
44 | return undef if $noerr; |
45 | ||
46 | die "Wrong subscription key format\n"; | |
21ace8d3 DM |
47 | } |
48 | ||
43fc27a4 DM |
49 | sub check_key { |
50 | my ($key, $req_sockets) = @_; | |
21ace8d3 | 51 | |
43fc27a4 | 52 | my ($sockets, $level) = parse_key($key); |
21ace8d3 DM |
53 | if ($sockets < $req_sockets) { |
54 | die "wrong number of sockets ($sockets < $req_sockets)\n"; | |
55 | } | |
43fc27a4 | 56 | return ($sockets, $level); |
21ace8d3 DM |
57 | } |
58 | ||
d017de1f | 59 | sub read_etc_subscription { |
43fc27a4 DM |
60 | my $req_sockets = get_sockets(); |
61 | my $server_id = PVE::API2Tools::get_hwaddress(); | |
21ace8d3 | 62 | |
d017de1f | 63 | my $info = Proxmox::RS::Subscription::read_subscription($filename); |
21ace8d3 | 64 | |
25eaf729 | 65 | return $info if !$info || $info->{status} ne 'active'; |
21ace8d3 | 66 | |
43fc27a4 DM |
67 | my ($sockets, $level); |
68 | eval { ($sockets, $level) = check_key($info->{key}, $req_sockets); }; | |
69 | if (my $err = $@) { | |
70 | chomp $err; | |
d017de1f | 71 | $info->{status} = 'invalid'; |
43fc27a4 DM |
72 | $info->{message} = $err; |
73 | } else { | |
16b69b6c DM |
74 | $info->{level} = $level; |
75 | } | |
76 | ||
21ace8d3 DM |
77 | return $info; |
78 | } | |
79 | ||
fc3e061b TL |
80 | my sub cache_is_valid { |
81 | my ($info) = @_; | |
82 | ||
83 | return if !$info || $info->{status} ne 'active'; | |
84 | ||
85 | my $checked_info = Proxmox::RS::Subscription::check_age($info, 1); | |
86 | return $checked_info->{status} eq 'active' | |
87 | } | |
88 | ||
d017de1f FG |
89 | sub write_etc_subscription { |
90 | my ($info) = @_; | |
21ace8d3 | 91 | |
2ba6d822 | 92 | my $server_id = PVE::API2Tools::get_hwaddress(); |
d017de1f | 93 | mkdir "/etc/apt/auth.conf.d"; |
76a165a1 TL |
94 | Proxmox::RS::Subscription::write_subscription( |
95 | $filename, "/etc/apt/auth.conf.d/pve.conf", "enterprise.proxmox.com/debian/pve", $info); | |
93542d77 TL |
96 | |
97 | # FIXME: improve this, especially the selection of valid ceph-releases | |
98 | # NOTE: currently we should add future ceph releases as early as possible, to ensure that | |
99 | my $ceph_auth = ''; | |
100 | for my $ceph_release ('quincy', 'reef') { | |
101 | $ceph_auth .= "machine enterprise.proxmox.com/debian/ceph-${ceph_release}" | |
102 | ." login $info->{key} password $info->{serverid}\n" | |
103 | } | |
104 | PVE::Tools::file_set_contents("/etc/apt/auth.conf.d/ceph.conf", $ceph_auth); | |
21ace8d3 DM |
105 | } |
106 | ||
107 | __PACKAGE__->register_method ({ | |
43fc27a4 DM |
108 | name => 'get', |
109 | path => '', | |
21ace8d3 DM |
110 | method => 'GET', |
111 | description => "Read subscription info.", | |
112 | proxyto => 'node', | |
e721a829 | 113 | permissions => { user => 'all' }, |
21ace8d3 DM |
114 | parameters => { |
115 | additionalProperties => 0, | |
116 | properties => { | |
117 | node => get_standard_option('pve-node'), | |
118 | }, | |
119 | }, | |
120 | returns => { type => 'object'}, | |
121 | code => sub { | |
122 | my ($param) = @_; | |
123 | ||
7d6fba8f | 124 | my $node = $param->{node}; |
00a93a4b | 125 | |
2d2ed7ab DM |
126 | my $rpcenv = PVE::RPCEnvironment::get(); |
127 | my $authuser = $rpcenv->get_user(); | |
d8645329 | 128 | my $has_permission = $rpcenv->check($authuser, "/nodes/$node", ['Sys.Audit'], 1); |
2d2ed7ab | 129 | |
7d762f4c | 130 | my $server_id = PVE::API2Tools::get_hwaddress(); |
93580fec | 131 | my $url = "https://www.proxmox.com/proxmox-ve/pricing"; |
7d762f4c | 132 | |
d017de1f | 133 | my $info = read_etc_subscription(); |
21ace8d3 | 134 | if (!$info) { |
2d2ed7ab | 135 | my $no_subscription_info = { |
d017de1f | 136 | status => "notfound", |
21ace8d3 | 137 | message => "There is no subscription key", |
2d2ed7ab DM |
138 | url => $url, |
139 | }; | |
140 | $no_subscription_info->{serverid} = $server_id if $has_permission; | |
141 | return $no_subscription_info; | |
142 | } | |
143 | ||
144 | if (!$has_permission) { | |
145 | return { | |
146 | status => $info->{status}, | |
147 | message => $info->{message}, | |
43fc27a4 | 148 | url => $url, |
21ace8d3 DM |
149 | } |
150 | } | |
00a93a4b DM |
151 | |
152 | $info->{serverid} = $server_id; | |
153 | $info->{sockets} = get_sockets(); | |
43fc27a4 | 154 | $info->{url} = $url; |
00a93a4b | 155 | |
21ace8d3 DM |
156 | return $info |
157 | }}); | |
158 | ||
159 | __PACKAGE__->register_method ({ | |
43fc27a4 DM |
160 | name => 'update', |
161 | path => '', | |
21ace8d3 | 162 | method => 'POST', |
69bbb885 TL |
163 | permissions => { |
164 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
165 | }, | |
21ace8d3 DM |
166 | description => "Update subscription info.", |
167 | proxyto => 'node', | |
168 | protected => 1, | |
169 | parameters => { | |
170 | additionalProperties => 0, | |
171 | properties => { | |
172 | node => get_standard_option('pve-node'), | |
173 | force => { | |
76a165a1 | 174 | description => "Always connect to server, even if local cache is still valid.", |
21ace8d3 DM |
175 | type => 'boolean', |
176 | optional => 1, | |
177 | default => 0 | |
178 | } | |
179 | }, | |
180 | }, | |
181 | returns => { type => 'null'}, | |
182 | code => sub { | |
183 | my ($param) = @_; | |
184 | ||
d017de1f | 185 | my $info = read_etc_subscription(); |
21ace8d3 DM |
186 | return undef if !$info; |
187 | ||
43fc27a4 DM |
188 | my $server_id = PVE::API2Tools::get_hwaddress(); |
189 | my $key = $info->{key}; | |
190 | ||
d4df1b14 FG |
191 | die "Updating offline key not possible - please remove and re-add subscription key to switch to online key.\n" |
192 | if $info->{signature}; | |
193 | ||
fc3e061b | 194 | return undef if !$param->{force} && cache_is_valid($info); # key has been recently checked |
21ace8d3 | 195 | |
43fc27a4 DM |
196 | my $req_sockets = get_sockets(); |
197 | check_key($key, $req_sockets); | |
198 | ||
199 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
200 | my $proxy = $dccfg->{http_proxy}; | |
201 | ||
d017de1f | 202 | $info = Proxmox::RS::Subscription::check_subscription($key, $server_id, "", "Proxmox VE", $proxy); |
21ace8d3 | 203 | |
d017de1f | 204 | write_etc_subscription($info); |
21ace8d3 DM |
205 | |
206 | return undef; | |
207 | }}); | |
208 | ||
209 | __PACKAGE__->register_method ({ | |
43fc27a4 DM |
210 | name => 'set', |
211 | path => '', | |
21ace8d3 | 212 | method => 'PUT', |
69bbb885 TL |
213 | permissions => { |
214 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
215 | }, | |
21ace8d3 DM |
216 | description => "Set subscription key.", |
217 | proxyto => 'node', | |
218 | protected => 1, | |
219 | parameters => { | |
e82ed167 | 220 | additionalProperties => 0, |
21ace8d3 DM |
221 | properties => { |
222 | node => get_standard_option('pve-node'), | |
223 | key => { | |
224 | description => "Proxmox VE subscription key", | |
225 | type => 'string', | |
43fc27a4 DM |
226 | pattern => $subscription_pattern, |
227 | maxLength => 32, | |
21ace8d3 DM |
228 | }, |
229 | }, | |
230 | }, | |
231 | returns => { type => 'null'}, | |
232 | code => sub { | |
233 | my ($param) = @_; | |
234 | ||
43fc27a4 | 235 | my $key = PVE::Tools::trim($param->{key}); |
94cc9560 | 236 | |
76a165a1 | 237 | my $new_info = { |
21ace8d3 | 238 | status => 'New', |
43fc27a4 | 239 | key => $key, |
21ace8d3 DM |
240 | checktime => time(), |
241 | }; | |
242 | ||
243 | my $req_sockets = get_sockets(); | |
2ba6d822 | 244 | my $server_id = PVE::API2Tools::get_hwaddress(); |
21ace8d3 | 245 | |
43fc27a4 | 246 | check_key($key, $req_sockets); |
21ace8d3 | 247 | |
76a165a1 | 248 | write_etc_subscription($new_info); |
21ace8d3 | 249 | |
43fc27a4 DM |
250 | my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg'); |
251 | my $proxy = $dccfg->{http_proxy}; | |
252 | ||
76a165a1 TL |
253 | my $checked_info = Proxmox::RS::Subscription::check_subscription( |
254 | $key, $server_id, "", "Proxmox VE", $proxy); | |
21ace8d3 | 255 | |
76a165a1 | 256 | write_etc_subscription($checked_info); |
21ace8d3 DM |
257 | |
258 | return undef; | |
259 | }}); | |
260 | ||
85222f82 MA |
261 | __PACKAGE__->register_method ({ |
262 | name => 'delete', | |
263 | path => '', | |
264 | method => 'DELETE', | |
265 | permissions => { | |
266 | check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], | |
267 | }, | |
bc12fba5 | 268 | description => "Delete subscription key of this node.", |
85222f82 MA |
269 | proxyto => 'node', |
270 | protected => 1, | |
271 | parameters => { | |
e82ed167 | 272 | additionalProperties => 0, |
85222f82 MA |
273 | properties => { |
274 | node => get_standard_option('pve-node'), | |
275 | }, | |
276 | }, | |
277 | returns => { type => 'null'}, | |
278 | code => sub { | |
279 | my $subscription_file = '/etc/subscription'; | |
e82ed167 | 280 | return if ! -e $subscription_file; |
85222f82 MA |
281 | unlink($subscription_file) or die "cannot delete subscription key: $!"; |
282 | return undef; | |
283 | }}); | |
284 | ||
21ace8d3 | 285 | 1; |