]> git.proxmox.com Git - pve-storage.git/blob - PVE/API2/Storage/Config.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rbd: manage keyring for pveceph storages
[pve-storage.git] / PVE / API2 / Storage / Config.pm
1 package PVE::API2::Storage::Config;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param);
8 use PVE::Cluster qw(cfs_read_file cfs_write_file);
9 use PVE::Storage;
10 use PVE::Storage::Plugin;
11 use HTTP::Status qw(:constants);
12 use Storable qw(dclone);
13 use PVE::JSONSchema qw(get_standard_option);
14 use PVE::RPCEnvironment;
15
16 use PVE::RESTHandler;
17
18 use base qw(PVE::RESTHandler);
19
20 my @ctypes = qw(images vztmpl iso backup);
21
22 my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
23
24 my $api_storage_config = sub {
25 my ($cfg, $storeid) = @_;
26
27 my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
28 $scfg->{storage} = $storeid;
29 $scfg->{digest} = $cfg->{digest};
30 $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
31
32 if ($scfg->{nodes}) {
33 $scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
34 }
35
36 return $scfg;
37 };
38
39 __PACKAGE__->register_method ({
40 name => 'index',
41 path => '',
42 method => 'GET',
43 description => "Storage index.",
44 permissions => {
45 description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
46 user => 'all',
47 },
48 parameters => {
49 additionalProperties => 0,
50 properties => {
51 type => {
52 description => "Only list storage of specific type",
53 type => 'string',
54 enum => $storage_type_enum,
55 optional => 1,
56 },
57 },
58 },
59 returns => {
60 type => 'array',
61 items => {
62 type => "object",
63 properties => { storage => { type => 'string'} },
64 },
65 links => [ { rel => 'child', href => "{storage}" } ],
66 },
67 code => sub {
68 my ($param) = @_;
69
70 my $rpcenv = PVE::RPCEnvironment::get();
71 my $authuser = $rpcenv->get_user();
72
73 my $cfg = PVE::Storage::config();
74
75 my @sids = PVE::Storage::storage_ids($cfg);
76
77 my $res = [];
78 foreach my $storeid (@sids) {
79 my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
80 next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
81
82 my $scfg = &$api_storage_config($cfg, $storeid);
83 next if $param->{type} && $param->{type} ne $scfg->{type};
84 push @$res, $scfg;
85 }
86
87 return $res;
88 }});
89
90 __PACKAGE__->register_method ({
91 name => 'read',
92 path => '{storage}',
93 method => 'GET',
94 description => "Read storage configuration.",
95 permissions => {
96 check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
97 },
98 parameters => {
99 additionalProperties => 0,
100 properties => {
101 storage => get_standard_option('pve-storage-id'),
102 },
103 },
104 returns => {},
105 code => sub {
106 my ($param) = @_;
107
108 my $cfg = PVE::Storage::config();
109
110 return &$api_storage_config($cfg, $param->{storage});
111 }});
112
113 __PACKAGE__->register_method ({
114 name => 'create',
115 protected => 1,
116 path => '',
117 method => 'POST',
118 description => "Create a new storage.",
119 permissions => {
120 check => ['perm', '/storage', ['Datastore.Allocate']],
121 },
122 parameters => PVE::Storage::Plugin->createSchema(),
123 returns => { type => 'null' },
124 code => sub {
125 my ($param) = @_;
126
127 my $type = extract_param($param, 'type');
128 my $storeid = extract_param($param, 'storage');
129
130 if ($param->{portal}) {
131 $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
132 }
133
134 my $plugin = PVE::Storage::Plugin->lookup($type);
135 my $opts = $plugin->check_config($storeid, $param, 1, 1);
136
137 PVE::Storage::lock_storage_config(
138 sub {
139
140 my $cfg = PVE::Storage::config();
141
142 if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
143 die "storage ID '$storeid' already defined\n";
144 }
145
146 $cfg->{ids}->{$storeid} = $opts;
147
148 if ($type eq 'lvm' && $opts->{base}) {
149
150 my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});
151
152 my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
153 die "base storage ID '$baseid' does not exist\n" if !$basecfg;
154
155 # we only support iscsi for now
156 if (!($basecfg->{type} eq 'iscsi')) {
157 die "unsupported base type '$basecfg->{type}'";
158 }
159
160 my $path = PVE::Storage::path($cfg, $opts->{base});
161
162 PVE::Storage::activate_storage($cfg, $baseid);
163
164 PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
165 } elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
166 my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
167 my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
168
169 die "ceph authx keyring file for storage '$storeid' already exists!\n"
170 if -e $ceph_storage_keyring;
171
172 eval {
173 PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
174 };
175 if (my $err = $@) {
176 unlink $ceph_storage_keyring;
177 die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
178 }
179 }
180
181 # try to activate if enabled on local node,
182 # we only do this to detect errors/problems sooner
183 if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
184 PVE::Storage::activate_storage($cfg, $storeid);
185 }
186
187 PVE::Storage::write_config($cfg);
188
189 }, "create storage failed");
190
191 return undef;
192 }});
193
194 __PACKAGE__->register_method ({
195 name => 'update',
196 protected => 1,
197 path => '{storage}',
198 method => 'PUT',
199 description => "Update storage configuration.",
200 permissions => {
201 check => ['perm', '/storage', ['Datastore.Allocate']],
202 },
203 parameters => PVE::Storage::Plugin->updateSchema(),
204 returns => { type => 'null' },
205 code => sub {
206 my ($param) = @_;
207
208 my $storeid = extract_param($param, 'storage');
209 my $digest = extract_param($param, 'digest');
210
211 PVE::Storage::lock_storage_config(
212 sub {
213
214 my $cfg = PVE::Storage::config();
215
216 PVE::SectionConfig::assert_if_modified($cfg, $digest);
217
218 my $scfg = PVE::Storage::storage_config($cfg, $storeid);
219
220 my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
221 my $opts = $plugin->check_config($storeid, $param, 0, 1);
222
223 foreach my $k (%$opts) {
224 $scfg->{$k} = $opts->{$k};
225 }
226
227 PVE::Storage::write_config($cfg);
228
229 }, "update storage failed");
230
231 return undef;
232 }});
233
234 __PACKAGE__->register_method ({
235 name => 'delete',
236 protected => 1,
237 path => '{storage}', # /storage/config/{storage}
238 method => 'DELETE',
239 description => "Delete storage configuration.",
240 permissions => {
241 check => ['perm', '/storage', ['Datastore.Allocate']],
242 },
243 parameters => {
244 additionalProperties => 0,
245 properties => {
246 storage => get_standard_option('pve-storage-id', {
247 completion => \&PVE::Storage::complete_storage,
248 }),
249 },
250 },
251 returns => { type => 'null' },
252 code => sub {
253 my ($param) = @_;
254
255 my $storeid = extract_param($param, 'storage');
256
257 PVE::Storage::lock_storage_config(
258 sub {
259
260 my $cfg = PVE::Storage::config();
261
262 my $scfg = PVE::Storage::storage_config($cfg, $storeid);
263
264 die "can't remove storage - storage is used as base of another storage\n"
265 if PVE::Storage::storage_is_used($cfg, $storeid);
266
267 if ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
268 my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
269 if (-f $ceph_storage_keyring) {
270 unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
271 }
272 }
273
274 delete $cfg->{ids}->{$storeid};
275
276 PVE::Storage::write_config($cfg);
277
278 }, "delete storage failed");
279
280 PVE::AccessControl::remove_storage_access($storeid);
281
282 return undef;
283 }});
284
285 1;
Storage library