]> git.proxmox.com Git - pve-storage.git/blob - PVE/API2/Storage/Config.pm
projects / pve-storage.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
storage add: always extract password from parameters
[pve-storage.git] / PVE / API2 / Storage / Config.pm
1 package PVE::API2::Storage::Config;
2
3 use strict;
4 use warnings;
5
6 use PVE::SafeSyslog;
7 use PVE::Tools qw(extract_param);
8 use PVE::Cluster qw(cfs_read_file cfs_write_file);
9 use PVE::Storage;
10 use PVE::Storage::Plugin;
11 use PVE::Storage::LVMPlugin;
12 use PVE::Storage::CIFSPlugin;
13 use HTTP::Status qw(:constants);
14 use Storable qw(dclone);
15 use PVE::JSONSchema qw(get_standard_option);
16 use PVE::RPCEnvironment;
17
18 use PVE::RESTHandler;
19
20 use base qw(PVE::RESTHandler);
21
22 my @ctypes = qw(images vztmpl iso backup);
23
24 my $storage_type_enum = PVE::Storage::Plugin->lookup_types();
25
26 my $api_storage_config = sub {
27 my ($cfg, $storeid) = @_;
28
29 my $scfg = dclone(PVE::Storage::storage_config($cfg, $storeid));
30 $scfg->{storage} = $storeid;
31 $scfg->{digest} = $cfg->{digest};
32 $scfg->{content} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'content', $scfg->{content});
33
34 if ($scfg->{nodes}) {
35 $scfg->{nodes} = PVE::Storage::Plugin->encode_value($scfg->{type}, 'nodes', $scfg->{nodes});
36 }
37
38 return $scfg;
39 };
40
41 __PACKAGE__->register_method ({
42 name => 'index',
43 path => '',
44 method => 'GET',
45 description => "Storage index.",
46 permissions => {
47 description => "Only list entries where you have 'Datastore.Audit' or 'Datastore.AllocateSpace' permissions on '/storage/<storage>'",
48 user => 'all',
49 },
50 parameters => {
51 additionalProperties => 0,
52 properties => {
53 type => {
54 description => "Only list storage of specific type",
55 type => 'string',
56 enum => $storage_type_enum,
57 optional => 1,
58 },
59 },
60 },
61 returns => {
62 type => 'array',
63 items => {
64 type => "object",
65 properties => { storage => { type => 'string'} },
66 },
67 links => [ { rel => 'child', href => "{storage}" } ],
68 },
69 code => sub {
70 my ($param) = @_;
71
72 my $rpcenv = PVE::RPCEnvironment::get();
73 my $authuser = $rpcenv->get_user();
74
75 my $cfg = PVE::Storage::config();
76
77 my @sids = PVE::Storage::storage_ids($cfg);
78
79 my $res = [];
80 foreach my $storeid (@sids) {
81 my $privs = [ 'Datastore.Audit', 'Datastore.AllocateSpace' ];
82 next if !$rpcenv->check_any($authuser, "/storage/$storeid", $privs, 1);
83
84 my $scfg = &$api_storage_config($cfg, $storeid);
85 next if $param->{type} && $param->{type} ne $scfg->{type};
86 push @$res, $scfg;
87 }
88
89 return $res;
90 }});
91
92 __PACKAGE__->register_method ({
93 name => 'read',
94 path => '{storage}',
95 method => 'GET',
96 description => "Read storage configuration.",
97 permissions => {
98 check => ['perm', '/storage/{storage}', ['Datastore.Allocate']],
99 },
100 parameters => {
101 additionalProperties => 0,
102 properties => {
103 storage => get_standard_option('pve-storage-id'),
104 },
105 },
106 returns => { type => 'object' },
107 code => sub {
108 my ($param) = @_;
109
110 my $cfg = PVE::Storage::config();
111
112 return &$api_storage_config($cfg, $param->{storage});
113 }});
114
115 __PACKAGE__->register_method ({
116 name => 'create',
117 protected => 1,
118 path => '',
119 method => 'POST',
120 description => "Create a new storage.",
121 permissions => {
122 check => ['perm', '/storage', ['Datastore.Allocate']],
123 },
124 parameters => PVE::Storage::Plugin->createSchema(),
125 returns => { type => 'null' },
126 code => sub {
127 my ($param) = @_;
128
129 my $type = extract_param($param, 'type');
130 my $storeid = extract_param($param, 'storage');
131
132 # revent an empty nodelist.
133 # fix me in section config create never need an empty entity.
134 delete $param->{nodes} if !$param->{nodes};
135
136 my $password;
137 # always extract pw, else it gets written to the www-data readable scfg
138 if (my $tmp_pw = extract_param($param, 'password')) {
139 if ($type eq 'cifs' && $param->{username}) {
140 $password = $tmp_pw;
141 } else {
142 warn "ignore password parameter\n";
143 }
144 }
145
146 if ($param->{portal}) {
147 $param->{portal} = PVE::Storage::resolv_portal($param->{portal});
148 }
149
150 my $plugin = PVE::Storage::Plugin->lookup($type);
151 my $opts = $plugin->check_config($storeid, $param, 1, 1);
152
153 PVE::Storage::lock_storage_config(
154 sub {
155
156 my $cfg = PVE::Storage::config();
157
158 if (my $scfg = PVE::Storage::storage_config($cfg, $storeid, 1)) {
159 die "storage ID '$storeid' already defined\n";
160 }
161
162 $cfg->{ids}->{$storeid} = $opts;
163
164 my $cred_file = undef;
165
166 if ($type eq 'lvm' && $opts->{base}) {
167
168 my ($baseid, $volname) = PVE::Storage::parse_volume_id($opts->{base});
169
170 my $basecfg = PVE::Storage::storage_config ($cfg, $baseid, 1);
171 die "base storage ID '$baseid' does not exist\n" if !$basecfg;
172
173 # we only support iscsi for now
174 if (!($basecfg->{type} eq 'iscsi')) {
175 die "unsupported base type '$basecfg->{type}'";
176 }
177
178 my $path = PVE::Storage::path($cfg, $opts->{base});
179
180 PVE::Storage::activate_storage($cfg, $baseid);
181
182 PVE::Storage::LVMPlugin::lvm_create_volume_group($path, $opts->{vgname}, $opts->{shared});
183 } elsif ($type eq 'rbd' && !defined($opts->{monhost})) {
184 my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring';
185 my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
186
187 die "ceph authx keyring file for storage '$storeid' already exists!\n"
188 if -e $ceph_storage_keyring;
189
190 eval {
191 mkdir '/etc/pve/priv/ceph';
192 PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
193 };
194 if (my $err = $@) {
195 unlink $ceph_storage_keyring;
196 die "failed to copy ceph authx keyring for storage '$storeid': $err\n";
197 }
198 } elsif ($type eq 'cifs' && defined($password)) {
199 # create a password file in /etc/pve/priv,
200 # this file is used as a cert_file at mount time.
201 $cred_file = PVE::Storage::CIFSPlugin::cifs_set_credentials($password, $storeid);
202 }
203
204 eval {
205 # try to activate if enabled on local node,
206 # we only do this to detect errors/problems sooner
207 if (PVE::Storage::storage_check_enabled($cfg, $storeid, undef, 1)) {
208 PVE::Storage::activate_storage($cfg, $storeid);
209 }
210 };
211 if(my $err = $@) {
212 unlink $cred_file if defined($cred_file);
213 die $err;
214 }
215
216 PVE::Storage::write_config($cfg);
217
218 }, "create storage failed");
219
220 return undef;
221 }});
222
223 __PACKAGE__->register_method ({
224 name => 'update',
225 protected => 1,
226 path => '{storage}',
227 method => 'PUT',
228 description => "Update storage configuration.",
229 permissions => {
230 check => ['perm', '/storage', ['Datastore.Allocate']],
231 },
232 parameters => PVE::Storage::Plugin->updateSchema(),
233 returns => { type => 'null' },
234 code => sub {
235 my ($param) = @_;
236
237 my $storeid = extract_param($param, 'storage');
238 my $digest = extract_param($param, 'digest');
239
240 PVE::Storage::lock_storage_config(
241 sub {
242
243 my $cfg = PVE::Storage::config();
244
245 PVE::SectionConfig::assert_if_modified($cfg, $digest);
246
247 my $scfg = PVE::Storage::storage_config($cfg, $storeid);
248
249 my $plugin = PVE::Storage::Plugin->lookup($scfg->{type});
250 my $opts = $plugin->check_config($storeid, $param, 0, 1);
251
252 foreach my $k (%$opts) {
253 $scfg->{$k} = $opts->{$k};
254 }
255
256 PVE::Storage::write_config($cfg);
257
258 }, "update storage failed");
259
260 return undef;
261 }});
262
263 __PACKAGE__->register_method ({
264 name => 'delete',
265 protected => 1,
266 path => '{storage}', # /storage/config/{storage}
267 method => 'DELETE',
268 description => "Delete storage configuration.",
269 permissions => {
270 check => ['perm', '/storage', ['Datastore.Allocate']],
271 },
272 parameters => {
273 additionalProperties => 0,
274 properties => {
275 storage => get_standard_option('pve-storage-id', {
276 completion => \&PVE::Storage::complete_storage,
277 }),
278 },
279 },
280 returns => { type => 'null' },
281 code => sub {
282 my ($param) = @_;
283
284 my $storeid = extract_param($param, 'storage');
285
286 PVE::Storage::lock_storage_config(
287 sub {
288
289 my $cfg = PVE::Storage::config();
290
291 my $scfg = PVE::Storage::storage_config($cfg, $storeid);
292
293 die "can't remove storage - storage is used as base of another storage\n"
294 if PVE::Storage::storage_is_used($cfg, $storeid);
295
296 if ($scfg->{type} eq 'cifs') {
297 my $cred_file = PVE::Storage::CIFSPlugin::cifs_cred_file_name($storeid);
298 if (-f $cred_file) {
299 unlink($cred_file) or warn "removing cifs credientials '$cred_file' failed: $!\n";
300 }
301 } elsif ($scfg->{type} eq 'rbd' && !defined($scfg->{monhost})) {
302 my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.keyring";
303 if (-f $ceph_storage_keyring) {
304 unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n";
305 }
306 }
307
308 delete $cfg->{ids}->{$storeid};
309
310 PVE::Storage::write_config($cfg);
311
312 }, "delete storage failed");
313
314 PVE::AccessControl::remove_storage_access($storeid);
315
316 return undef;
317 }});
318
319 1;
Storage library