]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vmconfig_hotplug_pending: improve hotplug error handling
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuServer;
17 use PVE::QemuMigrate;
18 use PVE::RPCEnvironment;
19 use PVE::AccessControl;
20 use PVE::INotify;
21 use PVE::Network;
22 use PVE::API2::Firewall::VM;
23
24 use Data::Dumper; # fixme: remove
25
26 use base qw(PVE::RESTHandler);
27
28 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
29
30 my $resolve_cdrom_alias = sub {
31 my $param = shift;
32
33 if (my $value = $param->{cdrom}) {
34 $value .= ",media=cdrom" if $value !~ m/media=/;
35 $param->{ide2} = $value;
36 delete $param->{cdrom};
37 }
38 };
39
40 my $test_deallocate_drive = sub {
41 my ($storecfg, $vmid, $key, $drive, $force) = @_;
42
43 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
44 my $volid = $drive->{file};
45 if ( PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
46 if ($force || $key =~ m/^unused/) {
47 my $sid = PVE::Storage::parse_volume_id($volid);
48 return $sid;
49 }
50 }
51 }
52
53 return undef;
54 };
55
56 my $check_storage_access = sub {
57 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
58
59 PVE::QemuServer::foreach_drive($settings, sub {
60 my ($ds, $drive) = @_;
61
62 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
63
64 my $volid = $drive->{file};
65
66 if (!$volid || $volid eq 'none') {
67 # nothing to check
68 } elsif ($isCDROM && ($volid eq 'cdrom')) {
69 $rpcenv->check($authuser, "/", ['Sys.Console']);
70 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
71 my ($storeid, $size) = ($2 || $default_storage, $3);
72 die "no storage ID specified (and no default storage)\n" if !$storeid;
73 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
74 } else {
75 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
76 }
77 });
78 };
79
80 my $check_storage_access_clone = sub {
81 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
82
83 my $sharedvm = 1;
84
85 PVE::QemuServer::foreach_drive($conf, sub {
86 my ($ds, $drive) = @_;
87
88 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
89
90 my $volid = $drive->{file};
91
92 return if !$volid || $volid eq 'none';
93
94 if ($isCDROM) {
95 if ($volid eq 'cdrom') {
96 $rpcenv->check($authuser, "/", ['Sys.Console']);
97 } else {
98 # we simply allow access
99 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
100 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
101 $sharedvm = 0 if !$scfg->{shared};
102
103 }
104 } else {
105 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
106 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
107 $sharedvm = 0 if !$scfg->{shared};
108
109 $sid = $storage if $storage;
110 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
111 }
112 });
113
114 return $sharedvm;
115 };
116
117 # Note: $pool is only needed when creating a VM, because pool permissions
118 # are automatically inherited if VM already exists inside a pool.
119 my $create_disks = sub {
120 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
121
122 my $vollist = [];
123
124 my $res = {};
125 PVE::QemuServer::foreach_drive($settings, sub {
126 my ($ds, $disk) = @_;
127
128 my $volid = $disk->{file};
129
130 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
131 delete $disk->{size};
132 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
133 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
134 my ($storeid, $size) = ($2 || $default_storage, $3);
135 die "no storage ID specified (and no default storage)\n" if !$storeid;
136 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
137 my $fmt = $disk->{format} || $defformat;
138 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
139 $fmt, undef, $size*1024*1024);
140 $disk->{file} = $volid;
141 $disk->{size} = $size*1024*1024*1024;
142 push @$vollist, $volid;
143 delete $disk->{format}; # no longer needed
144 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
145 } else {
146
147 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
148
149 my $volid_is_new = 1;
150
151 if ($conf->{$ds}) {
152 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
153 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
154 }
155
156 if ($volid_is_new) {
157
158 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
159
160 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
161
162 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
163
164 die "volume $volid does not exists\n" if !$size;
165
166 $disk->{size} = $size;
167 }
168
169 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
170 }
171 });
172
173 # free allocated images on error
174 if (my $err = $@) {
175 syslog('err', "VM $vmid creating disks failed");
176 foreach my $volid (@$vollist) {
177 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
178 warn $@ if $@;
179 }
180 die $err;
181 }
182
183 # modify vm config if everything went well
184 foreach my $ds (keys %$res) {
185 $conf->{$ds} = $res->{$ds};
186 }
187
188 return $vollist;
189 };
190
191 my $check_vm_modify_config_perm = sub {
192 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
193
194 return 1 if $authuser eq 'root@pam';
195
196 foreach my $opt (@$key_list) {
197 # disk checks need to be done somewhere else
198 next if PVE::QemuServer::valid_drivename($opt);
199
200 if ($opt eq 'sockets' || $opt eq 'cores' ||
201 $opt eq 'cpu' || $opt eq 'smp' ||
202 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
203 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
204 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
205 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
206 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
207 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
208 } elsif ($opt eq 'args' || $opt eq 'lock') {
209 die "only root can set '$opt' config\n";
210 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
211 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') {
212 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
213 } elsif ($opt =~ m/^net\d+$/) {
214 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
215 } else {
216 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
217 }
218 }
219
220 return 1;
221 };
222
223 __PACKAGE__->register_method({
224 name => 'vmlist',
225 path => '',
226 method => 'GET',
227 description => "Virtual machine index (per node).",
228 permissions => {
229 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
230 user => 'all',
231 },
232 proxyto => 'node',
233 protected => 1, # qemu pid files are only readable by root
234 parameters => {
235 additionalProperties => 0,
236 properties => {
237 node => get_standard_option('pve-node'),
238 },
239 },
240 returns => {
241 type => 'array',
242 items => {
243 type => "object",
244 properties => {},
245 },
246 links => [ { rel => 'child', href => "{vmid}" } ],
247 },
248 code => sub {
249 my ($param) = @_;
250
251 my $rpcenv = PVE::RPCEnvironment::get();
252 my $authuser = $rpcenv->get_user();
253
254 my $vmstatus = PVE::QemuServer::vmstatus();
255
256 my $res = [];
257 foreach my $vmid (keys %$vmstatus) {
258 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
259
260 my $data = $vmstatus->{$vmid};
261 $data->{vmid} = int($vmid);
262 push @$res, $data;
263 }
264
265 return $res;
266 }});
267
268
269
270 __PACKAGE__->register_method({
271 name => 'create_vm',
272 path => '',
273 method => 'POST',
274 description => "Create or restore a virtual machine.",
275 permissions => {
276 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
277 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
278 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
279 user => 'all', # check inside
280 },
281 protected => 1,
282 proxyto => 'node',
283 parameters => {
284 additionalProperties => 0,
285 properties => PVE::QemuServer::json_config_properties(
286 {
287 node => get_standard_option('pve-node'),
288 vmid => get_standard_option('pve-vmid'),
289 archive => {
290 description => "The backup file.",
291 type => 'string',
292 optional => 1,
293 maxLength => 255,
294 },
295 storage => get_standard_option('pve-storage-id', {
296 description => "Default storage.",
297 optional => 1,
298 }),
299 force => {
300 optional => 1,
301 type => 'boolean',
302 description => "Allow to overwrite existing VM.",
303 requires => 'archive',
304 },
305 unique => {
306 optional => 1,
307 type => 'boolean',
308 description => "Assign a unique random ethernet address.",
309 requires => 'archive',
310 },
311 pool => {
312 optional => 1,
313 type => 'string', format => 'pve-poolid',
314 description => "Add the VM to the specified pool.",
315 },
316 }),
317 },
318 returns => {
319 type => 'string',
320 },
321 code => sub {
322 my ($param) = @_;
323
324 my $rpcenv = PVE::RPCEnvironment::get();
325
326 my $authuser = $rpcenv->get_user();
327
328 my $node = extract_param($param, 'node');
329
330 my $vmid = extract_param($param, 'vmid');
331
332 my $archive = extract_param($param, 'archive');
333
334 my $storage = extract_param($param, 'storage');
335
336 my $force = extract_param($param, 'force');
337
338 my $unique = extract_param($param, 'unique');
339
340 my $pool = extract_param($param, 'pool');
341
342 my $filename = PVE::QemuServer::config_file($vmid);
343
344 my $storecfg = PVE::Storage::config();
345
346 PVE::Cluster::check_cfs_quorum();
347
348 if (defined($pool)) {
349 $rpcenv->check_pool_exist($pool);
350 }
351
352 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
353 if defined($storage);
354
355 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
356 # OK
357 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
358 # OK
359 } elsif ($archive && $force && (-f $filename) &&
360 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
361 # OK: user has VM.Backup permissions, and want to restore an existing VM
362 } else {
363 raise_perm_exc();
364 }
365
366 if (!$archive) {
367 &$resolve_cdrom_alias($param);
368
369 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
370
371 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
372
373 foreach my $opt (keys %$param) {
374 if (PVE::QemuServer::valid_drivename($opt)) {
375 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
376 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
377
378 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
379 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
380 }
381 }
382
383 PVE::QemuServer::add_random_macs($param);
384 } else {
385 my $keystr = join(' ', keys %$param);
386 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
387
388 if ($archive eq '-') {
389 die "pipe requires cli environment\n"
390 if $rpcenv->{type} ne 'cli';
391 } else {
392 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
393 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
394 }
395 }
396
397 my $restorefn = sub {
398
399 # fixme: this test does not work if VM exists on other node!
400 if (-f $filename) {
401 die "unable to restore vm $vmid: config file already exists\n"
402 if !$force;
403
404 die "unable to restore vm $vmid: vm is running\n"
405 if PVE::QemuServer::check_running($vmid);
406 }
407
408 my $realcmd = sub {
409 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
410 storage => $storage,
411 pool => $pool,
412 unique => $unique });
413
414 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
415 };
416
417 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
418 };
419
420 my $createfn = sub {
421
422 # test after locking
423 die "unable to create vm $vmid: config file already exists\n"
424 if -f $filename;
425
426 my $realcmd = sub {
427
428 my $vollist = [];
429
430 my $conf = $param;
431
432 eval {
433
434 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
435
436 # try to be smart about bootdisk
437 my @disks = PVE::QemuServer::disknames();
438 my $firstdisk;
439 foreach my $ds (reverse @disks) {
440 next if !$conf->{$ds};
441 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
442 next if PVE::QemuServer::drive_is_cdrom($disk);
443 $firstdisk = $ds;
444 }
445
446 if (!$conf->{bootdisk} && $firstdisk) {
447 $conf->{bootdisk} = $firstdisk;
448 }
449
450 # auto generate uuid if user did not specify smbios1 option
451 if (!$conf->{smbios1}) {
452 my ($uuid, $uuid_str);
453 UUID::generate($uuid);
454 UUID::unparse($uuid, $uuid_str);
455 $conf->{smbios1} = "uuid=$uuid_str";
456 }
457
458 PVE::QemuServer::update_config_nolock($vmid, $conf);
459
460 };
461 my $err = $@;
462
463 if ($err) {
464 foreach my $volid (@$vollist) {
465 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
466 warn $@ if $@;
467 }
468 die "create failed - $err";
469 }
470
471 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
472 };
473
474 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
475 };
476
477 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
478 }});
479
480 __PACKAGE__->register_method({
481 name => 'vmdiridx',
482 path => '{vmid}',
483 method => 'GET',
484 proxyto => 'node',
485 description => "Directory index",
486 permissions => {
487 user => 'all',
488 },
489 parameters => {
490 additionalProperties => 0,
491 properties => {
492 node => get_standard_option('pve-node'),
493 vmid => get_standard_option('pve-vmid'),
494 },
495 },
496 returns => {
497 type => 'array',
498 items => {
499 type => "object",
500 properties => {
501 subdir => { type => 'string' },
502 },
503 },
504 links => [ { rel => 'child', href => "{subdir}" } ],
505 },
506 code => sub {
507 my ($param) = @_;
508
509 my $res = [
510 { subdir => 'config' },
511 { subdir => 'status' },
512 { subdir => 'unlink' },
513 { subdir => 'vncproxy' },
514 { subdir => 'migrate' },
515 { subdir => 'resize' },
516 { subdir => 'move' },
517 { subdir => 'rrd' },
518 { subdir => 'rrddata' },
519 { subdir => 'monitor' },
520 { subdir => 'snapshot' },
521 { subdir => 'spiceproxy' },
522 { subdir => 'sendkey' },
523 { subdir => 'firewall' },
524 ];
525
526 return $res;
527 }});
528
529 __PACKAGE__->register_method ({
530 subclass => "PVE::API2::Firewall::VM",
531 path => '{vmid}/firewall',
532 });
533
534 __PACKAGE__->register_method({
535 name => 'rrd',
536 path => '{vmid}/rrd',
537 method => 'GET',
538 protected => 1, # fixme: can we avoid that?
539 permissions => {
540 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
541 },
542 description => "Read VM RRD statistics (returns PNG)",
543 parameters => {
544 additionalProperties => 0,
545 properties => {
546 node => get_standard_option('pve-node'),
547 vmid => get_standard_option('pve-vmid'),
548 timeframe => {
549 description => "Specify the time frame you are interested in.",
550 type => 'string',
551 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
552 },
553 ds => {
554 description => "The list of datasources you want to display.",
555 type => 'string', format => 'pve-configid-list',
556 },
557 cf => {
558 description => "The RRD consolidation function",
559 type => 'string',
560 enum => [ 'AVERAGE', 'MAX' ],
561 optional => 1,
562 },
563 },
564 },
565 returns => {
566 type => "object",
567 properties => {
568 filename => { type => 'string' },
569 },
570 },
571 code => sub {
572 my ($param) = @_;
573
574 return PVE::Cluster::create_rrd_graph(
575 "pve2-vm/$param->{vmid}", $param->{timeframe},
576 $param->{ds}, $param->{cf});
577
578 }});
579
580 __PACKAGE__->register_method({
581 name => 'rrddata',
582 path => '{vmid}/rrddata',
583 method => 'GET',
584 protected => 1, # fixme: can we avoid that?
585 permissions => {
586 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
587 },
588 description => "Read VM RRD statistics",
589 parameters => {
590 additionalProperties => 0,
591 properties => {
592 node => get_standard_option('pve-node'),
593 vmid => get_standard_option('pve-vmid'),
594 timeframe => {
595 description => "Specify the time frame you are interested in.",
596 type => 'string',
597 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
598 },
599 cf => {
600 description => "The RRD consolidation function",
601 type => 'string',
602 enum => [ 'AVERAGE', 'MAX' ],
603 optional => 1,
604 },
605 },
606 },
607 returns => {
608 type => "array",
609 items => {
610 type => "object",
611 properties => {},
612 },
613 },
614 code => sub {
615 my ($param) = @_;
616
617 return PVE::Cluster::create_rrd_data(
618 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
619 }});
620
621
622 __PACKAGE__->register_method({
623 name => 'vm_config',
624 path => '{vmid}/config',
625 method => 'GET',
626 proxyto => 'node',
627 description => "Get virtual machine configuration.",
628 permissions => {
629 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
630 },
631 parameters => {
632 additionalProperties => 0,
633 properties => {
634 node => get_standard_option('pve-node'),
635 vmid => get_standard_option('pve-vmid'),
636 },
637 },
638 returns => {
639 type => "object",
640 properties => {
641 digest => {
642 type => 'string',
643 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
644 }
645 },
646 },
647 code => sub {
648 my ($param) = @_;
649
650 my $conf = PVE::QemuServer::load_config($param->{vmid});
651
652 delete $conf->{snapshots};
653
654 return $conf;
655 }});
656
657 my $delete_drive = sub {
658 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
659
660 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
661 my $volid = $drive->{file};
662
663 if (PVE::QemuServer::vm_is_volid_owner($storecfg, $vmid, $volid)) {
664 if ($force || $key =~ m/^unused/) {
665 eval {
666 # check if the disk is really unused
667 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key);
668 my $path = PVE::Storage::path($storecfg, $volid);
669
670 die "unable to delete '$volid' - volume is still in use (snapshot?)\n"
671 if $used_paths->{$path};
672
673 PVE::Storage::vdisk_free($storecfg, $volid);
674 };
675 die $@ if $@;
676 } else {
677 PVE::QemuServer::add_unused_volume($conf, $volid, $vmid);
678 }
679 }
680 }
681
682 delete $conf->{$key};
683 };
684
685 my $vmconfig_delete_option = sub {
686 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
687
688 return if !defined($conf->{$opt});
689
690 my $isDisk = PVE::QemuServer::valid_drivename($opt)|| ($opt =~ m/^unused/);
691
692 if ($isDisk) {
693 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
694
695 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
696 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
697 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
698 }
699 }
700
701 my $unplugwarning = "";
702 if ($conf->{ostype} && $conf->{ostype} eq 'l26') {
703 $unplugwarning = "<br>verify that you have acpiphp && pci_hotplug modules loaded in your guest VM";
704 } elsif ($conf->{ostype} && $conf->{ostype} eq 'l24') {
705 $unplugwarning = "<br>kernel 2.4 don't support hotplug, please disable hotplug in options";
706 } elsif (!$conf->{ostype} || ($conf->{ostype} && $conf->{ostype} eq 'other')) {
707 $unplugwarning = "<br>verify that your guest support acpi hotplug";
708 }
709
710 if ($opt eq 'tablet') {
711 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
712 } else {
713 die "error hot-unplug $opt $unplugwarning" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
714 }
715
716 if ($isDisk) {
717 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
718 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
719 } else {
720 delete $conf->{$opt};
721 }
722
723 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
724 };
725
726 my $safe_num_ne = sub {
727 my ($a, $b) = @_;
728
729 return 0 if !defined($a) && !defined($b);
730 return 1 if !defined($a);
731 return 1 if !defined($b);
732
733 return $a != $b;
734 };
735
736 my $vmconfig_update_disk = sub {
737 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
738
739 my $drive = PVE::QemuServer::parse_drive($opt, $value);
740
741 if (PVE::QemuServer::drive_is_cdrom($drive)) { #cdrom
742 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
743 } else {
744 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
745 }
746
747 if ($conf->{$opt}) {
748
749 if (my $old_drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt})) {
750
751 my $media = $drive->{media} || 'disk';
752 my $oldmedia = $old_drive->{media} || 'disk';
753 die "unable to change media type\n" if $media ne $oldmedia;
754
755 if (!PVE::QemuServer::drive_is_cdrom($old_drive) &&
756 ($drive->{file} ne $old_drive->{file})) { # delete old disks
757
758 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
759 $conf = PVE::QemuServer::load_config($vmid); # update/reload
760 }
761
762 if(&$safe_num_ne($drive->{mbps}, $old_drive->{mbps}) ||
763 &$safe_num_ne($drive->{mbps_rd}, $old_drive->{mbps_rd}) ||
764 &$safe_num_ne($drive->{mbps_wr}, $old_drive->{mbps_wr}) ||
765 &$safe_num_ne($drive->{iops}, $old_drive->{iops}) ||
766 &$safe_num_ne($drive->{iops_rd}, $old_drive->{iops_rd}) ||
767 &$safe_num_ne($drive->{iops_wr}, $old_drive->{iops_wr}) ||
768 &$safe_num_ne($drive->{mbps_max}, $old_drive->{mbps_max}) ||
769 &$safe_num_ne($drive->{mbps_rd_max}, $old_drive->{mbps_rd_max}) ||
770 &$safe_num_ne($drive->{mbps_wr_max}, $old_drive->{mbps_wr_max}) ||
771 &$safe_num_ne($drive->{iops_max}, $old_drive->{iops_max}) ||
772 &$safe_num_ne($drive->{iops_rd_max}, $old_drive->{iops_rd_max}) ||
773 &$safe_num_ne($drive->{iops_wr_max}, $old_drive->{iops_wr_max})) {
774 PVE::QemuServer::qemu_block_set_io_throttle($vmid,"drive-$opt",
775 ($drive->{mbps} || 0)*1024*1024,
776 ($drive->{mbps_rd} || 0)*1024*1024,
777 ($drive->{mbps_wr} || 0)*1024*1024,
778 $drive->{iops} || 0,
779 $drive->{iops_rd} || 0,
780 $drive->{iops_wr} || 0,
781 ($drive->{mbps_max} || 0)*1024*1024,
782 ($drive->{mbps_rd_max} || 0)*1024*1024,
783 ($drive->{mbps_wr_max} || 0)*1024*1024,
784 $drive->{iops_max} || 0,
785 $drive->{iops_rd_max} || 0,
786 $drive->{iops_wr_max} || 0)
787 if !PVE::QemuServer::drive_is_cdrom($drive);
788 }
789 }
790 }
791
792 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
793 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
794
795 $conf = PVE::QemuServer::load_config($vmid); # update/reload
796 $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
797
798 if (PVE::QemuServer::drive_is_cdrom($drive)) { # cdrom
799
800 if (PVE::QemuServer::check_running($vmid)) {
801 if ($drive->{file} eq 'none') {
802 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt");
803 } else {
804 my $path = PVE::QemuServer::get_iso_path($storecfg, $vmid, $drive->{file});
805 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt"); #force eject if locked
806 PVE::QemuServer::vm_mon_cmd($vmid, "change",device => "drive-$opt",target => "$path") if $path;
807 }
808 }
809
810 } else { # hotplug new disks
811
812 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
813 }
814 };
815
816 my $vmconfig_update_net = sub {
817 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value) = @_;
818
819 if ($conf->{$opt} && PVE::QemuServer::check_running($vmid)) {
820 my $oldnet = PVE::QemuServer::parse_net($conf->{$opt});
821 my $newnet = PVE::QemuServer::parse_net($value);
822
823 if($oldnet->{model} ne $newnet->{model}){
824 #if model change, we try to hot-unplug
825 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
826 }else{
827
828 if($newnet->{bridge} && $oldnet->{bridge}){
829 my $iface = "tap".$vmid."i".$1 if $opt =~ m/net(\d+)/;
830
831 if($newnet->{rate} ne $oldnet->{rate}){
832 PVE::Network::tap_rate_limit($iface, $newnet->{rate});
833 }
834
835 if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
836 PVE::Network::tap_unplug($iface);
837 PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
838 }
839
840 }else{
841 #if bridge/nat mode change, we try to hot-unplug
842 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
843 }
844 }
845
846 }
847 $conf->{$opt} = $value;
848 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
849 $conf = PVE::QemuServer::load_config($vmid); # update/reload
850
851 my $net = PVE::QemuServer::parse_net($conf->{$opt});
852
853 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $net);
854 };
855
856 # POST/PUT {vmid}/config implementation
857 #
858 # The original API used PUT (idempotent) an we assumed that all operations
859 # are fast. But it turned out that almost any configuration change can
860 # involve hot-plug actions, or disk alloc/free. Such actions can take long
861 # time to complete and have side effects (not idempotent).
862 #
863 # The new implementation uses POST and forks a worker process. We added
864 # a new option 'background_delay'. If specified we wait up to
865 # 'background_delay' second for the worker task to complete. It returns null
866 # if the task is finished within that time, else we return the UPID.
867
868 my $update_vm_api = sub {
869 my ($param, $sync) = @_;
870
871 my $rpcenv = PVE::RPCEnvironment::get();
872
873 my $authuser = $rpcenv->get_user();
874
875 my $node = extract_param($param, 'node');
876
877 my $vmid = extract_param($param, 'vmid');
878
879 my $digest = extract_param($param, 'digest');
880
881 my $background_delay = extract_param($param, 'background_delay');
882
883 my @paramarr = (); # used for log message
884 foreach my $key (keys %$param) {
885 push @paramarr, "-$key", $param->{$key};
886 }
887
888 my $skiplock = extract_param($param, 'skiplock');
889 raise_param_exc({ skiplock => "Only root may use this option." })
890 if $skiplock && $authuser ne 'root@pam';
891
892 my $delete_str = extract_param($param, 'delete');
893
894 my $force = extract_param($param, 'force');
895
896 die "no options specified\n" if !$delete_str && !scalar(keys %$param);
897
898 my $storecfg = PVE::Storage::config();
899
900 my $defaults = PVE::QemuServer::load_defaults();
901
902 &$resolve_cdrom_alias($param);
903
904 # now try to verify all parameters
905
906 my @delete = ();
907 foreach my $opt (PVE::Tools::split_list($delete_str)) {
908 $opt = 'ide2' if $opt eq 'cdrom';
909 raise_param_exc({ delete => "you can't use '-$opt' and " .
910 "-delete $opt' at the same time" })
911 if defined($param->{$opt});
912
913 if (!PVE::QemuServer::option_exists($opt)) {
914 raise_param_exc({ delete => "unknown option '$opt'" });
915 }
916
917 push @delete, $opt;
918 }
919
920 foreach my $opt (keys %$param) {
921 if (PVE::QemuServer::valid_drivename($opt)) {
922 # cleanup drive path
923 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
924 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
925 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
926 } elsif ($opt =~ m/^net(\d+)$/) {
927 # add macaddr
928 my $net = PVE::QemuServer::parse_net($param->{$opt});
929 $param->{$opt} = PVE::QemuServer::print_net($net);
930 }
931 }
932
933 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
934
935 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
936
937 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
938
939 my $updatefn = sub {
940
941 my $conf = PVE::QemuServer::load_config($vmid);
942
943 die "checksum missmatch (file change by other user?)\n"
944 if $digest && $digest ne $conf->{digest};
945
946 PVE::QemuServer::check_lock($conf) if !$skiplock;
947
948 if ($param->{memory} || defined($param->{balloon})) {
949 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
950 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
951
952 die "balloon value too large (must be smaller than assigned memory)\n"
953 if $balloon && $balloon > $maxmem;
954 }
955
956 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
957
958 my $worker = sub {
959
960 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
961
962 # write updates to pending section
963
964 my $modified = {}; # record what $option we modify
965
966 foreach my $opt (@delete) {
967 $modified->{$opt} = 1;
968 $conf = PVE::QemuServer::load_config($vmid); # update/reload
969 if ($opt =~ m/^unused/) {
970 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
971 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
972 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
973 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
974 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive);
975 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
976 }
977 } elsif (PVE::QemuServer::valid_drivename($opt)) {
978 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
979 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
980 if defined($conf->{pending}->{$opt});
981 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
982 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
983 } else {
984 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt);
985 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
986 }
987 }
988
989 foreach my $opt (keys %$param) { # add/change
990 $modified->{$opt} = 1;
991 $conf = PVE::QemuServer::load_config($vmid); # update/reload
992 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
993
994 if (PVE::QemuServer::valid_drivename($opt)) {
995 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
996 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
997 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
998 } else {
999 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1000 }
1001 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1002 if defined($conf->{pending}->{$opt});
1003
1004 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1005 } else {
1006 $conf->{pending}->{$opt} = $param->{$opt};
1007 }
1008 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
1009 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1010 }
1011
1012 # remove pending changes when nothing changed
1013 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1014 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
1015 PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes;
1016
1017 return if !scalar(keys %{$conf->{pending}});
1018
1019 my $running = PVE::QemuServer::check_running($vmid);
1020
1021 # apply pending changes
1022
1023 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1024
1025 if ($running) {
1026 my $errors = {};
1027 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1028 raise_param_exc($errors) if scalar(keys %$errors);
1029 } else {
1030 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1031 }
1032 return; # TODO: remove old code below
1033
1034 foreach my $opt (keys %$param) { # add/change
1035
1036 $conf = PVE::QemuServer::load_config($vmid); # update/reload
1037
1038 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
1039
1040 if (PVE::QemuServer::valid_drivename($opt)) {
1041
1042 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
1043 $opt, $param->{$opt}, $force);
1044
1045 } elsif ($opt =~ m/^net(\d+)$/) { #nics
1046
1047 &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
1048 $opt, $param->{$opt});
1049
1050 } else {
1051
1052 if($opt eq 'tablet' && $param->{$opt} == 1){
1053 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
1054 } elsif($opt eq 'tablet' && $param->{$opt} == 0){
1055 PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
1056 }
1057
1058 if($opt eq 'cores' && $conf->{maxcpus}){
1059 PVE::QemuServer::qemu_cpu_hotplug($vmid, $conf, $param->{$opt});
1060 }
1061
1062 $conf->{$opt} = $param->{$opt};
1063 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1064 }
1065 }
1066
1067 # allow manual ballooning if shares is set to zero
1068 if ($running && defined($param->{balloon}) &&
1069 defined($conf->{shares}) && ($conf->{shares} == 0)) {
1070 my $balloon = $param->{'balloon'} || $conf->{memory} || $defaults->{memory};
1071 PVE::QemuServer::vm_mon_cmd($vmid, "balloon", value => $balloon*1024*1024);
1072 }
1073 };
1074
1075 if ($sync) {
1076 &$worker();
1077 return undef;
1078 } else {
1079 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1080
1081 if ($background_delay) {
1082
1083 # Note: It would be better to do that in the Event based HTTPServer
1084 # to avoid blocking call to sleep.
1085
1086 my $end_time = time() + $background_delay;
1087
1088 my $task = PVE::Tools::upid_decode($upid);
1089
1090 my $running = 1;
1091 while (time() < $end_time) {
1092 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1093 last if !$running;
1094 sleep(1); # this gets interrupted when child process ends
1095 }
1096
1097 if (!$running) {
1098 my $status = PVE::Tools::upid_read_status($upid);
1099 return undef if $status eq 'OK';
1100 die $status;
1101 }
1102 }
1103
1104 return $upid;
1105 }
1106 };
1107
1108 return PVE::QemuServer::lock_config($vmid, $updatefn);
1109 };
1110
1111 my $vm_config_perm_list = [
1112 'VM.Config.Disk',
1113 'VM.Config.CDROM',
1114 'VM.Config.CPU',
1115 'VM.Config.Memory',
1116 'VM.Config.Network',
1117 'VM.Config.HWType',
1118 'VM.Config.Options',
1119 ];
1120
1121 __PACKAGE__->register_method({
1122 name => 'update_vm_async',
1123 path => '{vmid}/config',
1124 method => 'POST',
1125 protected => 1,
1126 proxyto => 'node',
1127 description => "Set virtual machine options (asynchrounous API).",
1128 permissions => {
1129 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1130 },
1131 parameters => {
1132 additionalProperties => 0,
1133 properties => PVE::QemuServer::json_config_properties(
1134 {
1135 node => get_standard_option('pve-node'),
1136 vmid => get_standard_option('pve-vmid'),
1137 skiplock => get_standard_option('skiplock'),
1138 delete => {
1139 type => 'string', format => 'pve-configid-list',
1140 description => "A list of settings you want to delete.",
1141 optional => 1,
1142 },
1143 force => {
1144 type => 'boolean',
1145 description => $opt_force_description,
1146 optional => 1,
1147 requires => 'delete',
1148 },
1149 digest => {
1150 type => 'string',
1151 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1152 maxLength => 40,
1153 optional => 1,
1154 },
1155 background_delay => {
1156 type => 'integer',
1157 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1158 minimum => 1,
1159 maximum => 30,
1160 optional => 1,
1161 },
1162 }),
1163 },
1164 returns => {
1165 type => 'string',
1166 optional => 1,
1167 },
1168 code => $update_vm_api,
1169 });
1170
1171 __PACKAGE__->register_method({
1172 name => 'update_vm',
1173 path => '{vmid}/config',
1174 method => 'PUT',
1175 protected => 1,
1176 proxyto => 'node',
1177 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1178 permissions => {
1179 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1180 },
1181 parameters => {
1182 additionalProperties => 0,
1183 properties => PVE::QemuServer::json_config_properties(
1184 {
1185 node => get_standard_option('pve-node'),
1186 vmid => get_standard_option('pve-vmid'),
1187 skiplock => get_standard_option('skiplock'),
1188 delete => {
1189 type => 'string', format => 'pve-configid-list',
1190 description => "A list of settings you want to delete.",
1191 optional => 1,
1192 },
1193 force => {
1194 type => 'boolean',
1195 description => $opt_force_description,
1196 optional => 1,
1197 requires => 'delete',
1198 },
1199 digest => {
1200 type => 'string',
1201 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1202 maxLength => 40,
1203 optional => 1,
1204 },
1205 }),
1206 },
1207 returns => { type => 'null' },
1208 code => sub {
1209 my ($param) = @_;
1210 &$update_vm_api($param, 1);
1211 return undef;
1212 }
1213 });
1214
1215
1216 __PACKAGE__->register_method({
1217 name => 'destroy_vm',
1218 path => '{vmid}',
1219 method => 'DELETE',
1220 protected => 1,
1221 proxyto => 'node',
1222 description => "Destroy the vm (also delete all used/owned volumes).",
1223 permissions => {
1224 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1225 },
1226 parameters => {
1227 additionalProperties => 0,
1228 properties => {
1229 node => get_standard_option('pve-node'),
1230 vmid => get_standard_option('pve-vmid'),
1231 skiplock => get_standard_option('skiplock'),
1232 },
1233 },
1234 returns => {
1235 type => 'string',
1236 },
1237 code => sub {
1238 my ($param) = @_;
1239
1240 my $rpcenv = PVE::RPCEnvironment::get();
1241
1242 my $authuser = $rpcenv->get_user();
1243
1244 my $vmid = $param->{vmid};
1245
1246 my $skiplock = $param->{skiplock};
1247 raise_param_exc({ skiplock => "Only root may use this option." })
1248 if $skiplock && $authuser ne 'root@pam';
1249
1250 # test if VM exists
1251 my $conf = PVE::QemuServer::load_config($vmid);
1252
1253 my $storecfg = PVE::Storage::config();
1254
1255 my $delVMfromPoolFn = sub {
1256 my $usercfg = cfs_read_file("user.cfg");
1257 if (my $pool = $usercfg->{vms}->{$vmid}) {
1258 if (my $data = $usercfg->{pools}->{$pool}) {
1259 delete $data->{vms}->{$vmid};
1260 delete $usercfg->{vms}->{$vmid};
1261 cfs_write_file("user.cfg", $usercfg);
1262 }
1263 }
1264 };
1265
1266 my $realcmd = sub {
1267 my $upid = shift;
1268
1269 syslog('info', "destroy VM $vmid: $upid\n");
1270
1271 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1272
1273 PVE::AccessControl::remove_vm_from_pool($vmid);
1274 };
1275
1276 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1277 }});
1278
1279 __PACKAGE__->register_method({
1280 name => 'unlink',
1281 path => '{vmid}/unlink',
1282 method => 'PUT',
1283 protected => 1,
1284 proxyto => 'node',
1285 description => "Unlink/delete disk images.",
1286 permissions => {
1287 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1288 },
1289 parameters => {
1290 additionalProperties => 0,
1291 properties => {
1292 node => get_standard_option('pve-node'),
1293 vmid => get_standard_option('pve-vmid'),
1294 idlist => {
1295 type => 'string', format => 'pve-configid-list',
1296 description => "A list of disk IDs you want to delete.",
1297 },
1298 force => {
1299 type => 'boolean',
1300 description => $opt_force_description,
1301 optional => 1,
1302 },
1303 },
1304 },
1305 returns => { type => 'null'},
1306 code => sub {
1307 my ($param) = @_;
1308
1309 $param->{delete} = extract_param($param, 'idlist');
1310
1311 __PACKAGE__->update_vm($param);
1312
1313 return undef;
1314 }});
1315
1316 my $sslcert;
1317
1318 __PACKAGE__->register_method({
1319 name => 'vncproxy',
1320 path => '{vmid}/vncproxy',
1321 method => 'POST',
1322 protected => 1,
1323 permissions => {
1324 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1325 },
1326 description => "Creates a TCP VNC proxy connections.",
1327 parameters => {
1328 additionalProperties => 0,
1329 properties => {
1330 node => get_standard_option('pve-node'),
1331 vmid => get_standard_option('pve-vmid'),
1332 websocket => {
1333 optional => 1,
1334 type => 'boolean',
1335 description => "starts websockify instead of vncproxy",
1336 },
1337 },
1338 },
1339 returns => {
1340 additionalProperties => 0,
1341 properties => {
1342 user => { type => 'string' },
1343 ticket => { type => 'string' },
1344 cert => { type => 'string' },
1345 port => { type => 'integer' },
1346 upid => { type => 'string' },
1347 },
1348 },
1349 code => sub {
1350 my ($param) = @_;
1351
1352 my $rpcenv = PVE::RPCEnvironment::get();
1353
1354 my $authuser = $rpcenv->get_user();
1355
1356 my $vmid = $param->{vmid};
1357 my $node = $param->{node};
1358 my $websocket = $param->{websocket};
1359
1360 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1361
1362 my $authpath = "/vms/$vmid";
1363
1364 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1365
1366 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1367 if !$sslcert;
1368
1369 my $port = PVE::Tools::next_vnc_port();
1370
1371 my $remip;
1372 my $remcmd = [];
1373
1374 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1375 $remip = PVE::Cluster::remote_node_ip($node);
1376 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1377 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1378 }
1379
1380 my $timeout = 10;
1381
1382 my $realcmd = sub {
1383 my $upid = shift;
1384
1385 syslog('info', "starting vnc proxy $upid\n");
1386
1387 my $cmd;
1388
1389 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1390
1391 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1392
1393 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1394 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1395 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1396 '-timeout', $timeout, '-authpath', $authpath,
1397 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1398 } else {
1399
1400 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1401
1402 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1403
1404 my $qmstr = join(' ', @$qmcmd);
1405
1406 # also redirect stderr (else we get RFB protocol errors)
1407 $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
1408 }
1409
1410 PVE::Tools::run_command($cmd);
1411
1412 return;
1413 };
1414
1415 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1416
1417 PVE::Tools::wait_for_vnc_port($port);
1418
1419 return {
1420 user => $authuser,
1421 ticket => $ticket,
1422 port => $port,
1423 upid => $upid,
1424 cert => $sslcert,
1425 };
1426 }});
1427
1428 __PACKAGE__->register_method({
1429 name => 'vncwebsocket',
1430 path => '{vmid}/vncwebsocket',
1431 method => 'GET',
1432 permissions => {
1433 description => "You also need to pass a valid ticket (vncticket).",
1434 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1435 },
1436 description => "Opens a weksocket for VNC traffic.",
1437 parameters => {
1438 additionalProperties => 0,
1439 properties => {
1440 node => get_standard_option('pve-node'),
1441 vmid => get_standard_option('pve-vmid'),
1442 vncticket => {
1443 description => "Ticket from previous call to vncproxy.",
1444 type => 'string',
1445 maxLength => 512,
1446 },
1447 port => {
1448 description => "Port number returned by previous vncproxy call.",
1449 type => 'integer',
1450 minimum => 5900,
1451 maximum => 5999,
1452 },
1453 },
1454 },
1455 returns => {
1456 type => "object",
1457 properties => {
1458 port => { type => 'string' },
1459 },
1460 },
1461 code => sub {
1462 my ($param) = @_;
1463
1464 my $rpcenv = PVE::RPCEnvironment::get();
1465
1466 my $authuser = $rpcenv->get_user();
1467
1468 my $vmid = $param->{vmid};
1469 my $node = $param->{node};
1470
1471 my $authpath = "/vms/$vmid";
1472
1473 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1474
1475 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1476
1477 # Note: VNC ports are acessible from outside, so we do not gain any
1478 # security if we verify that $param->{port} belongs to VM $vmid. This
1479 # check is done by verifying the VNC ticket (inside VNC protocol).
1480
1481 my $port = $param->{port};
1482
1483 return { port => $port };
1484 }});
1485
1486 __PACKAGE__->register_method({
1487 name => 'spiceproxy',
1488 path => '{vmid}/spiceproxy',
1489 method => 'POST',
1490 protected => 1,
1491 proxyto => 'node',
1492 permissions => {
1493 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1494 },
1495 description => "Returns a SPICE configuration to connect to the VM.",
1496 parameters => {
1497 additionalProperties => 0,
1498 properties => {
1499 node => get_standard_option('pve-node'),
1500 vmid => get_standard_option('pve-vmid'),
1501 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1502 },
1503 },
1504 returns => get_standard_option('remote-viewer-config'),
1505 code => sub {
1506 my ($param) = @_;
1507
1508 my $rpcenv = PVE::RPCEnvironment::get();
1509
1510 my $authuser = $rpcenv->get_user();
1511
1512 my $vmid = $param->{vmid};
1513 my $node = $param->{node};
1514 my $proxy = $param->{proxy};
1515
1516 my $conf = PVE::QemuServer::load_config($vmid, $node);
1517 my $title = "VM $vmid - $conf->{'name'}",
1518
1519 my $port = PVE::QemuServer::spice_port($vmid);
1520
1521 my ($ticket, undef, $remote_viewer_config) =
1522 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1523
1524 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1525 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1526
1527 return $remote_viewer_config;
1528 }});
1529
1530 __PACKAGE__->register_method({
1531 name => 'vmcmdidx',
1532 path => '{vmid}/status',
1533 method => 'GET',
1534 proxyto => 'node',
1535 description => "Directory index",
1536 permissions => {
1537 user => 'all',
1538 },
1539 parameters => {
1540 additionalProperties => 0,
1541 properties => {
1542 node => get_standard_option('pve-node'),
1543 vmid => get_standard_option('pve-vmid'),
1544 },
1545 },
1546 returns => {
1547 type => 'array',
1548 items => {
1549 type => "object",
1550 properties => {
1551 subdir => { type => 'string' },
1552 },
1553 },
1554 links => [ { rel => 'child', href => "{subdir}" } ],
1555 },
1556 code => sub {
1557 my ($param) = @_;
1558
1559 # test if VM exists
1560 my $conf = PVE::QemuServer::load_config($param->{vmid});
1561
1562 my $res = [
1563 { subdir => 'current' },
1564 { subdir => 'start' },
1565 { subdir => 'stop' },
1566 ];
1567
1568 return $res;
1569 }});
1570
1571 my $vm_is_ha_managed = sub {
1572 my ($vmid) = @_;
1573
1574 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1575 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $vmid, 1)) {
1576 return 1;
1577 }
1578 return 0;
1579 };
1580
1581 __PACKAGE__->register_method({
1582 name => 'vm_status',
1583 path => '{vmid}/status/current',
1584 method => 'GET',
1585 proxyto => 'node',
1586 protected => 1, # qemu pid files are only readable by root
1587 description => "Get virtual machine status.",
1588 permissions => {
1589 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1590 },
1591 parameters => {
1592 additionalProperties => 0,
1593 properties => {
1594 node => get_standard_option('pve-node'),
1595 vmid => get_standard_option('pve-vmid'),
1596 },
1597 },
1598 returns => { type => 'object' },
1599 code => sub {
1600 my ($param) = @_;
1601
1602 # test if VM exists
1603 my $conf = PVE::QemuServer::load_config($param->{vmid});
1604
1605 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1606 my $status = $vmstatus->{$param->{vmid}};
1607
1608 $status->{ha} = &$vm_is_ha_managed($param->{vmid});
1609
1610 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1611
1612 return $status;
1613 }});
1614
1615 __PACKAGE__->register_method({
1616 name => 'vm_start',
1617 path => '{vmid}/status/start',
1618 method => 'POST',
1619 protected => 1,
1620 proxyto => 'node',
1621 description => "Start virtual machine.",
1622 permissions => {
1623 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1624 },
1625 parameters => {
1626 additionalProperties => 0,
1627 properties => {
1628 node => get_standard_option('pve-node'),
1629 vmid => get_standard_option('pve-vmid'),
1630 skiplock => get_standard_option('skiplock'),
1631 stateuri => get_standard_option('pve-qm-stateuri'),
1632 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1633 machine => get_standard_option('pve-qm-machine'),
1634 },
1635 },
1636 returns => {
1637 type => 'string',
1638 },
1639 code => sub {
1640 my ($param) = @_;
1641
1642 my $rpcenv = PVE::RPCEnvironment::get();
1643
1644 my $authuser = $rpcenv->get_user();
1645
1646 my $node = extract_param($param, 'node');
1647
1648 my $vmid = extract_param($param, 'vmid');
1649
1650 my $machine = extract_param($param, 'machine');
1651
1652 my $stateuri = extract_param($param, 'stateuri');
1653 raise_param_exc({ stateuri => "Only root may use this option." })
1654 if $stateuri && $authuser ne 'root@pam';
1655
1656 my $skiplock = extract_param($param, 'skiplock');
1657 raise_param_exc({ skiplock => "Only root may use this option." })
1658 if $skiplock && $authuser ne 'root@pam';
1659
1660 my $migratedfrom = extract_param($param, 'migratedfrom');
1661 raise_param_exc({ migratedfrom => "Only root may use this option." })
1662 if $migratedfrom && $authuser ne 'root@pam';
1663
1664 # read spice ticket from STDIN
1665 my $spice_ticket;
1666 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1667 if (defined(my $line = <>)) {
1668 chomp $line;
1669 $spice_ticket = $line;
1670 }
1671 }
1672
1673 my $storecfg = PVE::Storage::config();
1674
1675 if (&$vm_is_ha_managed($vmid) && !$stateuri &&
1676 $rpcenv->{type} ne 'ha') {
1677
1678 my $hacmd = sub {
1679 my $upid = shift;
1680
1681 my $service = "pvevm:$vmid";
1682
1683 my $cmd = ['clusvcadm', '-e', $service, '-m', $node];
1684
1685 print "Executing HA start for VM $vmid\n";
1686
1687 PVE::Tools::run_command($cmd);
1688
1689 return;
1690 };
1691
1692 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1693
1694 } else {
1695
1696 my $realcmd = sub {
1697 my $upid = shift;
1698
1699 syslog('info', "start VM $vmid: $upid\n");
1700
1701 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1702 $machine, $spice_ticket);
1703
1704 return;
1705 };
1706
1707 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1708 }
1709 }});
1710
1711 __PACKAGE__->register_method({
1712 name => 'vm_stop',
1713 path => '{vmid}/status/stop',
1714 method => 'POST',
1715 protected => 1,
1716 proxyto => 'node',
1717 description => "Stop virtual machine.",
1718 permissions => {
1719 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1720 },
1721 parameters => {
1722 additionalProperties => 0,
1723 properties => {
1724 node => get_standard_option('pve-node'),
1725 vmid => get_standard_option('pve-vmid'),
1726 skiplock => get_standard_option('skiplock'),
1727 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1728 timeout => {
1729 description => "Wait maximal timeout seconds.",
1730 type => 'integer',
1731 minimum => 0,
1732 optional => 1,
1733 },
1734 keepActive => {
1735 description => "Do not decativate storage volumes.",
1736 type => 'boolean',
1737 optional => 1,
1738 default => 0,
1739 }
1740 },
1741 },
1742 returns => {
1743 type => 'string',
1744 },
1745 code => sub {
1746 my ($param) = @_;
1747
1748 my $rpcenv = PVE::RPCEnvironment::get();
1749
1750 my $authuser = $rpcenv->get_user();
1751
1752 my $node = extract_param($param, 'node');
1753
1754 my $vmid = extract_param($param, 'vmid');
1755
1756 my $skiplock = extract_param($param, 'skiplock');
1757 raise_param_exc({ skiplock => "Only root may use this option." })
1758 if $skiplock && $authuser ne 'root@pam';
1759
1760 my $keepActive = extract_param($param, 'keepActive');
1761 raise_param_exc({ keepActive => "Only root may use this option." })
1762 if $keepActive && $authuser ne 'root@pam';
1763
1764 my $migratedfrom = extract_param($param, 'migratedfrom');
1765 raise_param_exc({ migratedfrom => "Only root may use this option." })
1766 if $migratedfrom && $authuser ne 'root@pam';
1767
1768
1769 my $storecfg = PVE::Storage::config();
1770
1771 if (&$vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1772
1773 my $hacmd = sub {
1774 my $upid = shift;
1775
1776 my $service = "pvevm:$vmid";
1777
1778 my $cmd = ['clusvcadm', '-d', $service];
1779
1780 print "Executing HA stop for VM $vmid\n";
1781
1782 PVE::Tools::run_command($cmd);
1783
1784 return;
1785 };
1786
1787 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1788
1789 } else {
1790 my $realcmd = sub {
1791 my $upid = shift;
1792
1793 syslog('info', "stop VM $vmid: $upid\n");
1794
1795 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1796 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1797
1798 return;
1799 };
1800
1801 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1802 }
1803 }});
1804
1805 __PACKAGE__->register_method({
1806 name => 'vm_reset',
1807 path => '{vmid}/status/reset',
1808 method => 'POST',
1809 protected => 1,
1810 proxyto => 'node',
1811 description => "Reset virtual machine.",
1812 permissions => {
1813 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1814 },
1815 parameters => {
1816 additionalProperties => 0,
1817 properties => {
1818 node => get_standard_option('pve-node'),
1819 vmid => get_standard_option('pve-vmid'),
1820 skiplock => get_standard_option('skiplock'),
1821 },
1822 },
1823 returns => {
1824 type => 'string',
1825 },
1826 code => sub {
1827 my ($param) = @_;
1828
1829 my $rpcenv = PVE::RPCEnvironment::get();
1830
1831 my $authuser = $rpcenv->get_user();
1832
1833 my $node = extract_param($param, 'node');
1834
1835 my $vmid = extract_param($param, 'vmid');
1836
1837 my $skiplock = extract_param($param, 'skiplock');
1838 raise_param_exc({ skiplock => "Only root may use this option." })
1839 if $skiplock && $authuser ne 'root@pam';
1840
1841 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1842
1843 my $realcmd = sub {
1844 my $upid = shift;
1845
1846 PVE::QemuServer::vm_reset($vmid, $skiplock);
1847
1848 return;
1849 };
1850
1851 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1852 }});
1853
1854 __PACKAGE__->register_method({
1855 name => 'vm_shutdown',
1856 path => '{vmid}/status/shutdown',
1857 method => 'POST',
1858 protected => 1,
1859 proxyto => 'node',
1860 description => "Shutdown virtual machine.",
1861 permissions => {
1862 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1863 },
1864 parameters => {
1865 additionalProperties => 0,
1866 properties => {
1867 node => get_standard_option('pve-node'),
1868 vmid => get_standard_option('pve-vmid'),
1869 skiplock => get_standard_option('skiplock'),
1870 timeout => {
1871 description => "Wait maximal timeout seconds.",
1872 type => 'integer',
1873 minimum => 0,
1874 optional => 1,
1875 },
1876 forceStop => {
1877 description => "Make sure the VM stops.",
1878 type => 'boolean',
1879 optional => 1,
1880 default => 0,
1881 },
1882 keepActive => {
1883 description => "Do not decativate storage volumes.",
1884 type => 'boolean',
1885 optional => 1,
1886 default => 0,
1887 }
1888 },
1889 },
1890 returns => {
1891 type => 'string',
1892 },
1893 code => sub {
1894 my ($param) = @_;
1895
1896 my $rpcenv = PVE::RPCEnvironment::get();
1897
1898 my $authuser = $rpcenv->get_user();
1899
1900 my $node = extract_param($param, 'node');
1901
1902 my $vmid = extract_param($param, 'vmid');
1903
1904 my $skiplock = extract_param($param, 'skiplock');
1905 raise_param_exc({ skiplock => "Only root may use this option." })
1906 if $skiplock && $authuser ne 'root@pam';
1907
1908 my $keepActive = extract_param($param, 'keepActive');
1909 raise_param_exc({ keepActive => "Only root may use this option." })
1910 if $keepActive && $authuser ne 'root@pam';
1911
1912 my $storecfg = PVE::Storage::config();
1913
1914 my $realcmd = sub {
1915 my $upid = shift;
1916
1917 syslog('info', "shutdown VM $vmid: $upid\n");
1918
1919 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1920 1, $param->{forceStop}, $keepActive);
1921
1922 return;
1923 };
1924
1925 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1926 }});
1927
1928 __PACKAGE__->register_method({
1929 name => 'vm_suspend',
1930 path => '{vmid}/status/suspend',
1931 method => 'POST',
1932 protected => 1,
1933 proxyto => 'node',
1934 description => "Suspend virtual machine.",
1935 permissions => {
1936 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1937 },
1938 parameters => {
1939 additionalProperties => 0,
1940 properties => {
1941 node => get_standard_option('pve-node'),
1942 vmid => get_standard_option('pve-vmid'),
1943 skiplock => get_standard_option('skiplock'),
1944 },
1945 },
1946 returns => {
1947 type => 'string',
1948 },
1949 code => sub {
1950 my ($param) = @_;
1951
1952 my $rpcenv = PVE::RPCEnvironment::get();
1953
1954 my $authuser = $rpcenv->get_user();
1955
1956 my $node = extract_param($param, 'node');
1957
1958 my $vmid = extract_param($param, 'vmid');
1959
1960 my $skiplock = extract_param($param, 'skiplock');
1961 raise_param_exc({ skiplock => "Only root may use this option." })
1962 if $skiplock && $authuser ne 'root@pam';
1963
1964 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1965
1966 my $realcmd = sub {
1967 my $upid = shift;
1968
1969 syslog('info', "suspend VM $vmid: $upid\n");
1970
1971 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1972
1973 return;
1974 };
1975
1976 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1977 }});
1978
1979 __PACKAGE__->register_method({
1980 name => 'vm_resume',
1981 path => '{vmid}/status/resume',
1982 method => 'POST',
1983 protected => 1,
1984 proxyto => 'node',
1985 description => "Resume virtual machine.",
1986 permissions => {
1987 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1988 },
1989 parameters => {
1990 additionalProperties => 0,
1991 properties => {
1992 node => get_standard_option('pve-node'),
1993 vmid => get_standard_option('pve-vmid'),
1994 skiplock => get_standard_option('skiplock'),
1995 },
1996 },
1997 returns => {
1998 type => 'string',
1999 },
2000 code => sub {
2001 my ($param) = @_;
2002
2003 my $rpcenv = PVE::RPCEnvironment::get();
2004
2005 my $authuser = $rpcenv->get_user();
2006
2007 my $node = extract_param($param, 'node');
2008
2009 my $vmid = extract_param($param, 'vmid');
2010
2011 my $skiplock = extract_param($param, 'skiplock');
2012 raise_param_exc({ skiplock => "Only root may use this option." })
2013 if $skiplock && $authuser ne 'root@pam';
2014
2015 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2016
2017 my $realcmd = sub {
2018 my $upid = shift;
2019
2020 syslog('info', "resume VM $vmid: $upid\n");
2021
2022 PVE::QemuServer::vm_resume($vmid, $skiplock);
2023
2024 return;
2025 };
2026
2027 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2028 }});
2029
2030 __PACKAGE__->register_method({
2031 name => 'vm_sendkey',
2032 path => '{vmid}/sendkey',
2033 method => 'PUT',
2034 protected => 1,
2035 proxyto => 'node',
2036 description => "Send key event to virtual machine.",
2037 permissions => {
2038 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2039 },
2040 parameters => {
2041 additionalProperties => 0,
2042 properties => {
2043 node => get_standard_option('pve-node'),
2044 vmid => get_standard_option('pve-vmid'),
2045 skiplock => get_standard_option('skiplock'),
2046 key => {
2047 description => "The key (qemu monitor encoding).",
2048 type => 'string'
2049 }
2050 },
2051 },
2052 returns => { type => 'null'},
2053 code => sub {
2054 my ($param) = @_;
2055
2056 my $rpcenv = PVE::RPCEnvironment::get();
2057
2058 my $authuser = $rpcenv->get_user();
2059
2060 my $node = extract_param($param, 'node');
2061
2062 my $vmid = extract_param($param, 'vmid');
2063
2064 my $skiplock = extract_param($param, 'skiplock');
2065 raise_param_exc({ skiplock => "Only root may use this option." })
2066 if $skiplock && $authuser ne 'root@pam';
2067
2068 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2069
2070 return;
2071 }});
2072
2073 __PACKAGE__->register_method({
2074 name => 'vm_feature',
2075 path => '{vmid}/feature',
2076 method => 'GET',
2077 proxyto => 'node',
2078 protected => 1,
2079 description => "Check if feature for virtual machine is available.",
2080 permissions => {
2081 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2082 },
2083 parameters => {
2084 additionalProperties => 0,
2085 properties => {
2086 node => get_standard_option('pve-node'),
2087 vmid => get_standard_option('pve-vmid'),
2088 feature => {
2089 description => "Feature to check.",
2090 type => 'string',
2091 enum => [ 'snapshot', 'clone', 'copy' ],
2092 },
2093 snapname => get_standard_option('pve-snapshot-name', {
2094 optional => 1,
2095 }),
2096 },
2097 },
2098 returns => {
2099 type => "object",
2100 properties => {
2101 hasFeature => { type => 'boolean' },
2102 nodes => {
2103 type => 'array',
2104 items => { type => 'string' },
2105 }
2106 },
2107 },
2108 code => sub {
2109 my ($param) = @_;
2110
2111 my $node = extract_param($param, 'node');
2112
2113 my $vmid = extract_param($param, 'vmid');
2114
2115 my $snapname = extract_param($param, 'snapname');
2116
2117 my $feature = extract_param($param, 'feature');
2118
2119 my $running = PVE::QemuServer::check_running($vmid);
2120
2121 my $conf = PVE::QemuServer::load_config($vmid);
2122
2123 if($snapname){
2124 my $snap = $conf->{snapshots}->{$snapname};
2125 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2126 $conf = $snap;
2127 }
2128 my $storecfg = PVE::Storage::config();
2129
2130 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2131 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2132
2133 return {
2134 hasFeature => $hasFeature,
2135 nodes => [ keys %$nodelist ],
2136 };
2137 }});
2138
2139 __PACKAGE__->register_method({
2140 name => 'clone_vm',
2141 path => '{vmid}/clone',
2142 method => 'POST',
2143 protected => 1,
2144 proxyto => 'node',
2145 description => "Create a copy of virtual machine/template.",
2146 permissions => {
2147 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2148 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2149 "'Datastore.AllocateSpace' on any used storage.",
2150 check =>
2151 [ 'and',
2152 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2153 [ 'or',
2154 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2155 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2156 ],
2157 ]
2158 },
2159 parameters => {
2160 additionalProperties => 0,
2161 properties => {
2162 node => get_standard_option('pve-node'),
2163 vmid => get_standard_option('pve-vmid'),
2164 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2165 name => {
2166 optional => 1,
2167 type => 'string', format => 'dns-name',
2168 description => "Set a name for the new VM.",
2169 },
2170 description => {
2171 optional => 1,
2172 type => 'string',
2173 description => "Description for the new VM.",
2174 },
2175 pool => {
2176 optional => 1,
2177 type => 'string', format => 'pve-poolid',
2178 description => "Add the new VM to the specified pool.",
2179 },
2180 snapname => get_standard_option('pve-snapshot-name', {
2181 optional => 1,
2182 }),
2183 storage => get_standard_option('pve-storage-id', {
2184 description => "Target storage for full clone.",
2185 requires => 'full',
2186 optional => 1,
2187 }),
2188 'format' => {
2189 description => "Target format for file storage.",
2190 requires => 'full',
2191 type => 'string',
2192 optional => 1,
2193 enum => [ 'raw', 'qcow2', 'vmdk'],
2194 },
2195 full => {
2196 optional => 1,
2197 type => 'boolean',
2198 description => "Create a full copy of all disk. This is always done when " .
2199 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2200 default => 0,
2201 },
2202 target => get_standard_option('pve-node', {
2203 description => "Target node. Only allowed if the original VM is on shared storage.",
2204 optional => 1,
2205 }),
2206 },
2207 },
2208 returns => {
2209 type => 'string',
2210 },
2211 code => sub {
2212 my ($param) = @_;
2213
2214 my $rpcenv = PVE::RPCEnvironment::get();
2215
2216 my $authuser = $rpcenv->get_user();
2217
2218 my $node = extract_param($param, 'node');
2219
2220 my $vmid = extract_param($param, 'vmid');
2221
2222 my $newid = extract_param($param, 'newid');
2223
2224 my $pool = extract_param($param, 'pool');
2225
2226 if (defined($pool)) {
2227 $rpcenv->check_pool_exist($pool);
2228 }
2229
2230 my $snapname = extract_param($param, 'snapname');
2231
2232 my $storage = extract_param($param, 'storage');
2233
2234 my $format = extract_param($param, 'format');
2235
2236 my $target = extract_param($param, 'target');
2237
2238 my $localnode = PVE::INotify::nodename();
2239
2240 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2241
2242 PVE::Cluster::check_node_exists($target) if $target;
2243
2244 my $storecfg = PVE::Storage::config();
2245
2246 if ($storage) {
2247 # check if storage is enabled on local node
2248 PVE::Storage::storage_check_enabled($storecfg, $storage);
2249 if ($target) {
2250 # check if storage is available on target node
2251 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2252 # clone only works if target storage is shared
2253 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2254 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2255 }
2256 }
2257
2258 PVE::Cluster::check_cfs_quorum();
2259
2260 my $running = PVE::QemuServer::check_running($vmid) || 0;
2261
2262 # exclusive lock if VM is running - else shared lock is enough;
2263 my $shared_lock = $running ? 0 : 1;
2264
2265 my $clonefn = sub {
2266
2267 # do all tests after lock
2268 # we also try to do all tests before we fork the worker
2269
2270 my $conf = PVE::QemuServer::load_config($vmid);
2271
2272 PVE::QemuServer::check_lock($conf);
2273
2274 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2275
2276 die "unexpected state change\n" if $verify_running != $running;
2277
2278 die "snapshot '$snapname' does not exist\n"
2279 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2280
2281 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2282
2283 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2284
2285 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2286
2287 my $conffile = PVE::QemuServer::config_file($newid);
2288
2289 die "unable to create VM $newid: config file already exists\n"
2290 if -f $conffile;
2291
2292 my $newconf = { lock => 'clone' };
2293 my $drives = {};
2294 my $vollist = [];
2295
2296 foreach my $opt (keys %$oldconf) {
2297 my $value = $oldconf->{$opt};
2298
2299 # do not copy snapshot related info
2300 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2301 $opt eq 'vmstate' || $opt eq 'snapstate';
2302
2303 # always change MAC! address
2304 if ($opt =~ m/^net(\d+)$/) {
2305 my $net = PVE::QemuServer::parse_net($value);
2306 $net->{macaddr} = PVE::Tools::random_ether_addr();
2307 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2308 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2309 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2310 die "unable to parse drive options for '$opt'\n" if !$drive;
2311 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2312 $newconf->{$opt} = $value; # simply copy configuration
2313 } else {
2314 if ($param->{full}) {
2315 die "Full clone feature is not available"
2316 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2317 $drive->{full} = 1;
2318 } else {
2319 # not full means clone instead of copy
2320 die "Linked clone feature is not available"
2321 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2322 }
2323 $drives->{$opt} = $drive;
2324 push @$vollist, $drive->{file};
2325 }
2326 } else {
2327 # copy everything else
2328 $newconf->{$opt} = $value;
2329 }
2330 }
2331
2332 # auto generate a new uuid
2333 my ($uuid, $uuid_str);
2334 UUID::generate($uuid);
2335 UUID::unparse($uuid, $uuid_str);
2336 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2337 $smbios1->{uuid} = $uuid_str;
2338 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2339
2340 delete $newconf->{template};
2341
2342 if ($param->{name}) {
2343 $newconf->{name} = $param->{name};
2344 } else {
2345 if ($oldconf->{name}) {
2346 $newconf->{name} = "Copy-of-$oldconf->{name}";
2347 } else {
2348 $newconf->{name} = "Copy-of-VM-$vmid";
2349 }
2350 }
2351
2352 if ($param->{description}) {
2353 $newconf->{description} = $param->{description};
2354 }
2355
2356 # create empty/temp config - this fails if VM already exists on other node
2357 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2358
2359 my $realcmd = sub {
2360 my $upid = shift;
2361
2362 my $newvollist = [];
2363
2364 eval {
2365 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2366
2367 PVE::Storage::activate_volumes($storecfg, $vollist);
2368
2369 foreach my $opt (keys %$drives) {
2370 my $drive = $drives->{$opt};
2371
2372 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2373 $newid, $storage, $format, $drive->{full}, $newvollist);
2374
2375 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2376
2377 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2378 }
2379
2380 delete $newconf->{lock};
2381 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2382
2383 if ($target) {
2384 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2385 PVE::Storage::deactivate_volumes($storecfg, $vollist);
2386
2387 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2388 die "Failed to move config to node '$target' - rename failed: $!\n"
2389 if !rename($conffile, $newconffile);
2390 }
2391
2392 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2393 };
2394 if (my $err = $@) {
2395 unlink $conffile;
2396
2397 sleep 1; # some storage like rbd need to wait before release volume - really?
2398
2399 foreach my $volid (@$newvollist) {
2400 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2401 warn $@ if $@;
2402 }
2403 die "clone failed: $err";
2404 }
2405
2406 return;
2407 };
2408
2409 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2410 };
2411
2412 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2413 # Aquire exclusive lock lock for $newid
2414 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2415 });
2416
2417 }});
2418
2419 __PACKAGE__->register_method({
2420 name => 'move_vm_disk',
2421 path => '{vmid}/move_disk',
2422 method => 'POST',
2423 protected => 1,
2424 proxyto => 'node',
2425 description => "Move volume to different storage.",
2426 permissions => {
2427 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2428 "and 'Datastore.AllocateSpace' permissions on the storage.",
2429 check =>
2430 [ 'and',
2431 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2432 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2433 ],
2434 },
2435 parameters => {
2436 additionalProperties => 0,
2437 properties => {
2438 node => get_standard_option('pve-node'),
2439 vmid => get_standard_option('pve-vmid'),
2440 disk => {
2441 type => 'string',
2442 description => "The disk you want to move.",
2443 enum => [ PVE::QemuServer::disknames() ],
2444 },
2445 storage => get_standard_option('pve-storage-id', { description => "Target Storage." }),
2446 'format' => {
2447 type => 'string',
2448 description => "Target Format.",
2449 enum => [ 'raw', 'qcow2', 'vmdk' ],
2450 optional => 1,
2451 },
2452 delete => {
2453 type => 'boolean',
2454 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2455 optional => 1,
2456 default => 0,
2457 },
2458 digest => {
2459 type => 'string',
2460 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2461 maxLength => 40,
2462 optional => 1,
2463 },
2464 },
2465 },
2466 returns => {
2467 type => 'string',
2468 description => "the task ID.",
2469 },
2470 code => sub {
2471 my ($param) = @_;
2472
2473 my $rpcenv = PVE::RPCEnvironment::get();
2474
2475 my $authuser = $rpcenv->get_user();
2476
2477 my $node = extract_param($param, 'node');
2478
2479 my $vmid = extract_param($param, 'vmid');
2480
2481 my $digest = extract_param($param, 'digest');
2482
2483 my $disk = extract_param($param, 'disk');
2484
2485 my $storeid = extract_param($param, 'storage');
2486
2487 my $format = extract_param($param, 'format');
2488
2489 my $storecfg = PVE::Storage::config();
2490
2491 my $updatefn = sub {
2492
2493 my $conf = PVE::QemuServer::load_config($vmid);
2494
2495 die "checksum missmatch (file change by other user?)\n"
2496 if $digest && $digest ne $conf->{digest};
2497
2498 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2499
2500 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2501
2502 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2503
2504 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2505
2506 my $oldfmt;
2507 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2508 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2509 $oldfmt = $1;
2510 }
2511
2512 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2513 (!$format || !$oldfmt || $oldfmt eq $format);
2514
2515 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2516
2517 my $running = PVE::QemuServer::check_running($vmid);
2518
2519 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2520
2521 my $realcmd = sub {
2522
2523 my $newvollist = [];
2524
2525 eval {
2526 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2527
2528 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2529 $vmid, $storeid, $format, 1, $newvollist);
2530
2531 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2532
2533 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2534
2535 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2536
2537 eval {
2538 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2539 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2540 if !$running;
2541 };
2542 warn $@ if $@;
2543 };
2544 if (my $err = $@) {
2545
2546 foreach my $volid (@$newvollist) {
2547 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2548 warn $@ if $@;
2549 }
2550 die "storage migration failed: $err";
2551 }
2552
2553 if ($param->{delete}) {
2554 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
2555 my $path = PVE::Storage::path($storecfg, $old_volid);
2556 if ($used_paths->{$path}){
2557 warn "volume $old_volid have snapshots. Can't delete it\n";
2558 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2559 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2560 } else {
2561 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2562 warn $@ if $@;
2563 }
2564 }
2565 };
2566
2567 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2568 };
2569
2570 return PVE::QemuServer::lock_config($vmid, $updatefn);
2571 }});
2572
2573 __PACKAGE__->register_method({
2574 name => 'migrate_vm',
2575 path => '{vmid}/migrate',
2576 method => 'POST',
2577 protected => 1,
2578 proxyto => 'node',
2579 description => "Migrate virtual machine. Creates a new migration task.",
2580 permissions => {
2581 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2582 },
2583 parameters => {
2584 additionalProperties => 0,
2585 properties => {
2586 node => get_standard_option('pve-node'),
2587 vmid => get_standard_option('pve-vmid'),
2588 target => get_standard_option('pve-node', { description => "Target node." }),
2589 online => {
2590 type => 'boolean',
2591 description => "Use online/live migration.",
2592 optional => 1,
2593 },
2594 force => {
2595 type => 'boolean',
2596 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2597 optional => 1,
2598 },
2599 },
2600 },
2601 returns => {
2602 type => 'string',
2603 description => "the task ID.",
2604 },
2605 code => sub {
2606 my ($param) = @_;
2607
2608 my $rpcenv = PVE::RPCEnvironment::get();
2609
2610 my $authuser = $rpcenv->get_user();
2611
2612 my $target = extract_param($param, 'target');
2613
2614 my $localnode = PVE::INotify::nodename();
2615 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2616
2617 PVE::Cluster::check_cfs_quorum();
2618
2619 PVE::Cluster::check_node_exists($target);
2620
2621 my $targetip = PVE::Cluster::remote_node_ip($target);
2622
2623 my $vmid = extract_param($param, 'vmid');
2624
2625 raise_param_exc({ force => "Only root may use this option." })
2626 if $param->{force} && $authuser ne 'root@pam';
2627
2628 # test if VM exists
2629 my $conf = PVE::QemuServer::load_config($vmid);
2630
2631 # try to detect errors early
2632
2633 PVE::QemuServer::check_lock($conf);
2634
2635 if (PVE::QemuServer::check_running($vmid)) {
2636 die "cant migrate running VM without --online\n"
2637 if !$param->{online};
2638 }
2639
2640 my $storecfg = PVE::Storage::config();
2641 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2642
2643 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2644
2645 my $hacmd = sub {
2646 my $upid = shift;
2647
2648 my $service = "pvevm:$vmid";
2649
2650 my $cmd = ['clusvcadm', '-M', $service, '-m', $target];
2651
2652 print "Executing HA migrate for VM $vmid to node $target\n";
2653
2654 PVE::Tools::run_command($cmd);
2655
2656 return;
2657 };
2658
2659 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2660
2661 } else {
2662
2663 my $realcmd = sub {
2664 my $upid = shift;
2665
2666 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2667 };
2668
2669 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2670 }
2671
2672 }});
2673
2674 __PACKAGE__->register_method({
2675 name => 'monitor',
2676 path => '{vmid}/monitor',
2677 method => 'POST',
2678 protected => 1,
2679 proxyto => 'node',
2680 description => "Execute Qemu monitor commands.",
2681 permissions => {
2682 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2683 },
2684 parameters => {
2685 additionalProperties => 0,
2686 properties => {
2687 node => get_standard_option('pve-node'),
2688 vmid => get_standard_option('pve-vmid'),
2689 command => {
2690 type => 'string',
2691 description => "The monitor command.",
2692 }
2693 },
2694 },
2695 returns => { type => 'string'},
2696 code => sub {
2697 my ($param) = @_;
2698
2699 my $vmid = $param->{vmid};
2700
2701 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2702
2703 my $res = '';
2704 eval {
2705 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2706 };
2707 $res = "ERROR: $@" if $@;
2708
2709 return $res;
2710 }});
2711
2712 __PACKAGE__->register_method({
2713 name => 'resize_vm',
2714 path => '{vmid}/resize',
2715 method => 'PUT',
2716 protected => 1,
2717 proxyto => 'node',
2718 description => "Extend volume size.",
2719 permissions => {
2720 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2721 },
2722 parameters => {
2723 additionalProperties => 0,
2724 properties => {
2725 node => get_standard_option('pve-node'),
2726 vmid => get_standard_option('pve-vmid'),
2727 skiplock => get_standard_option('skiplock'),
2728 disk => {
2729 type => 'string',
2730 description => "The disk you want to resize.",
2731 enum => [PVE::QemuServer::disknames()],
2732 },
2733 size => {
2734 type => 'string',
2735 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2736 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2737 },
2738 digest => {
2739 type => 'string',
2740 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2741 maxLength => 40,
2742 optional => 1,
2743 },
2744 },
2745 },
2746 returns => { type => 'null'},
2747 code => sub {
2748 my ($param) = @_;
2749
2750 my $rpcenv = PVE::RPCEnvironment::get();
2751
2752 my $authuser = $rpcenv->get_user();
2753
2754 my $node = extract_param($param, 'node');
2755
2756 my $vmid = extract_param($param, 'vmid');
2757
2758 my $digest = extract_param($param, 'digest');
2759
2760 my $disk = extract_param($param, 'disk');
2761
2762 my $sizestr = extract_param($param, 'size');
2763
2764 my $skiplock = extract_param($param, 'skiplock');
2765 raise_param_exc({ skiplock => "Only root may use this option." })
2766 if $skiplock && $authuser ne 'root@pam';
2767
2768 my $storecfg = PVE::Storage::config();
2769
2770 my $updatefn = sub {
2771
2772 my $conf = PVE::QemuServer::load_config($vmid);
2773
2774 die "checksum missmatch (file change by other user?)\n"
2775 if $digest && $digest ne $conf->{digest};
2776 PVE::QemuServer::check_lock($conf) if !$skiplock;
2777
2778 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2779
2780 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2781
2782 my $volid = $drive->{file};
2783
2784 die "disk '$disk' has no associated volume\n" if !$volid;
2785
2786 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2787
2788 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2789
2790 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2791
2792 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2793
2794 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2795 my ($ext, $newsize, $unit) = ($1, $2, $4);
2796 if ($unit) {
2797 if ($unit eq 'K') {
2798 $newsize = $newsize * 1024;
2799 } elsif ($unit eq 'M') {
2800 $newsize = $newsize * 1024 * 1024;
2801 } elsif ($unit eq 'G') {
2802 $newsize = $newsize * 1024 * 1024 * 1024;
2803 } elsif ($unit eq 'T') {
2804 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2805 }
2806 }
2807 $newsize += $size if $ext;
2808 $newsize = int($newsize);
2809
2810 die "unable to skrink disk size\n" if $newsize < $size;
2811
2812 return if $size == $newsize;
2813
2814 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2815
2816 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2817
2818 $drive->{size} = $newsize;
2819 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2820
2821 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2822 };
2823
2824 PVE::QemuServer::lock_config($vmid, $updatefn);
2825 return undef;
2826 }});
2827
2828 __PACKAGE__->register_method({
2829 name => 'snapshot_list',
2830 path => '{vmid}/snapshot',
2831 method => 'GET',
2832 description => "List all snapshots.",
2833 permissions => {
2834 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2835 },
2836 proxyto => 'node',
2837 protected => 1, # qemu pid files are only readable by root
2838 parameters => {
2839 additionalProperties => 0,
2840 properties => {
2841 vmid => get_standard_option('pve-vmid'),
2842 node => get_standard_option('pve-node'),
2843 },
2844 },
2845 returns => {
2846 type => 'array',
2847 items => {
2848 type => "object",
2849 properties => {},
2850 },
2851 links => [ { rel => 'child', href => "{name}" } ],
2852 },
2853 code => sub {
2854 my ($param) = @_;
2855
2856 my $vmid = $param->{vmid};
2857
2858 my $conf = PVE::QemuServer::load_config($vmid);
2859 my $snaphash = $conf->{snapshots} || {};
2860
2861 my $res = [];
2862
2863 foreach my $name (keys %$snaphash) {
2864 my $d = $snaphash->{$name};
2865 my $item = {
2866 name => $name,
2867 snaptime => $d->{snaptime} || 0,
2868 vmstate => $d->{vmstate} ? 1 : 0,
2869 description => $d->{description} || '',
2870 };
2871 $item->{parent} = $d->{parent} if $d->{parent};
2872 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2873 push @$res, $item;
2874 }
2875
2876 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2877 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2878 $current->{parent} = $conf->{parent} if $conf->{parent};
2879
2880 push @$res, $current;
2881
2882 return $res;
2883 }});
2884
2885 __PACKAGE__->register_method({
2886 name => 'snapshot',
2887 path => '{vmid}/snapshot',
2888 method => 'POST',
2889 protected => 1,
2890 proxyto => 'node',
2891 description => "Snapshot a VM.",
2892 permissions => {
2893 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2894 },
2895 parameters => {
2896 additionalProperties => 0,
2897 properties => {
2898 node => get_standard_option('pve-node'),
2899 vmid => get_standard_option('pve-vmid'),
2900 snapname => get_standard_option('pve-snapshot-name'),
2901 vmstate => {
2902 optional => 1,
2903 type => 'boolean',
2904 description => "Save the vmstate",
2905 },
2906 description => {
2907 optional => 1,
2908 type => 'string',
2909 description => "A textual description or comment.",
2910 },
2911 },
2912 },
2913 returns => {
2914 type => 'string',
2915 description => "the task ID.",
2916 },
2917 code => sub {
2918 my ($param) = @_;
2919
2920 my $rpcenv = PVE::RPCEnvironment::get();
2921
2922 my $authuser = $rpcenv->get_user();
2923
2924 my $node = extract_param($param, 'node');
2925
2926 my $vmid = extract_param($param, 'vmid');
2927
2928 my $snapname = extract_param($param, 'snapname');
2929
2930 die "unable to use snapshot name 'current' (reserved name)\n"
2931 if $snapname eq 'current';
2932
2933 my $realcmd = sub {
2934 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2935 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2936 $param->{description});
2937 };
2938
2939 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2940 }});
2941
2942 __PACKAGE__->register_method({
2943 name => 'snapshot_cmd_idx',
2944 path => '{vmid}/snapshot/{snapname}',
2945 description => '',
2946 method => 'GET',
2947 permissions => {
2948 user => 'all',
2949 },
2950 parameters => {
2951 additionalProperties => 0,
2952 properties => {
2953 vmid => get_standard_option('pve-vmid'),
2954 node => get_standard_option('pve-node'),
2955 snapname => get_standard_option('pve-snapshot-name'),
2956 },
2957 },
2958 returns => {
2959 type => 'array',
2960 items => {
2961 type => "object",
2962 properties => {},
2963 },
2964 links => [ { rel => 'child', href => "{cmd}" } ],
2965 },
2966 code => sub {
2967 my ($param) = @_;
2968
2969 my $res = [];
2970
2971 push @$res, { cmd => 'rollback' };
2972 push @$res, { cmd => 'config' };
2973
2974 return $res;
2975 }});
2976
2977 __PACKAGE__->register_method({
2978 name => 'update_snapshot_config',
2979 path => '{vmid}/snapshot/{snapname}/config',
2980 method => 'PUT',
2981 protected => 1,
2982 proxyto => 'node',
2983 description => "Update snapshot metadata.",
2984 permissions => {
2985 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2986 },
2987 parameters => {
2988 additionalProperties => 0,
2989 properties => {
2990 node => get_standard_option('pve-node'),
2991 vmid => get_standard_option('pve-vmid'),
2992 snapname => get_standard_option('pve-snapshot-name'),
2993 description => {
2994 optional => 1,
2995 type => 'string',
2996 description => "A textual description or comment.",
2997 },
2998 },
2999 },
3000 returns => { type => 'null' },
3001 code => sub {
3002 my ($param) = @_;
3003
3004 my $rpcenv = PVE::RPCEnvironment::get();
3005
3006 my $authuser = $rpcenv->get_user();
3007
3008 my $vmid = extract_param($param, 'vmid');
3009
3010 my $snapname = extract_param($param, 'snapname');
3011
3012 return undef if !defined($param->{description});
3013
3014 my $updatefn = sub {
3015
3016 my $conf = PVE::QemuServer::load_config($vmid);
3017
3018 PVE::QemuServer::check_lock($conf);
3019
3020 my $snap = $conf->{snapshots}->{$snapname};
3021
3022 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3023
3024 $snap->{description} = $param->{description} if defined($param->{description});
3025
3026 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3027 };
3028
3029 PVE::QemuServer::lock_config($vmid, $updatefn);
3030
3031 return undef;
3032 }});
3033
3034 __PACKAGE__->register_method({
3035 name => 'get_snapshot_config',
3036 path => '{vmid}/snapshot/{snapname}/config',
3037 method => 'GET',
3038 proxyto => 'node',
3039 description => "Get snapshot configuration",
3040 permissions => {
3041 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3042 },
3043 parameters => {
3044 additionalProperties => 0,
3045 properties => {
3046 node => get_standard_option('pve-node'),
3047 vmid => get_standard_option('pve-vmid'),
3048 snapname => get_standard_option('pve-snapshot-name'),
3049 },
3050 },
3051 returns => { type => "object" },
3052 code => sub {
3053 my ($param) = @_;
3054
3055 my $rpcenv = PVE::RPCEnvironment::get();
3056
3057 my $authuser = $rpcenv->get_user();
3058
3059 my $vmid = extract_param($param, 'vmid');
3060
3061 my $snapname = extract_param($param, 'snapname');
3062
3063 my $conf = PVE::QemuServer::load_config($vmid);
3064
3065 my $snap = $conf->{snapshots}->{$snapname};
3066
3067 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3068
3069 return $snap;
3070 }});
3071
3072 __PACKAGE__->register_method({
3073 name => 'rollback',
3074 path => '{vmid}/snapshot/{snapname}/rollback',
3075 method => 'POST',
3076 protected => 1,
3077 proxyto => 'node',
3078 description => "Rollback VM state to specified snapshot.",
3079 permissions => {
3080 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3081 },
3082 parameters => {
3083 additionalProperties => 0,
3084 properties => {
3085 node => get_standard_option('pve-node'),
3086 vmid => get_standard_option('pve-vmid'),
3087 snapname => get_standard_option('pve-snapshot-name'),
3088 },
3089 },
3090 returns => {
3091 type => 'string',
3092 description => "the task ID.",
3093 },
3094 code => sub {
3095 my ($param) = @_;
3096
3097 my $rpcenv = PVE::RPCEnvironment::get();
3098
3099 my $authuser = $rpcenv->get_user();
3100
3101 my $node = extract_param($param, 'node');
3102
3103 my $vmid = extract_param($param, 'vmid');
3104
3105 my $snapname = extract_param($param, 'snapname');
3106
3107 my $realcmd = sub {
3108 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3109 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3110 };
3111
3112 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3113 }});
3114
3115 __PACKAGE__->register_method({
3116 name => 'delsnapshot',
3117 path => '{vmid}/snapshot/{snapname}',
3118 method => 'DELETE',
3119 protected => 1,
3120 proxyto => 'node',
3121 description => "Delete a VM snapshot.",
3122 permissions => {
3123 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3124 },
3125 parameters => {
3126 additionalProperties => 0,
3127 properties => {
3128 node => get_standard_option('pve-node'),
3129 vmid => get_standard_option('pve-vmid'),
3130 snapname => get_standard_option('pve-snapshot-name'),
3131 force => {
3132 optional => 1,
3133 type => 'boolean',
3134 description => "For removal from config file, even if removing disk snapshots fails.",
3135 },
3136 },
3137 },
3138 returns => {
3139 type => 'string',
3140 description => "the task ID.",
3141 },
3142 code => sub {
3143 my ($param) = @_;
3144
3145 my $rpcenv = PVE::RPCEnvironment::get();
3146
3147 my $authuser = $rpcenv->get_user();
3148
3149 my $node = extract_param($param, 'node');
3150
3151 my $vmid = extract_param($param, 'vmid');
3152
3153 my $snapname = extract_param($param, 'snapname');
3154
3155 my $realcmd = sub {
3156 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3157 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3158 };
3159
3160 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3161 }});
3162
3163 __PACKAGE__->register_method({
3164 name => 'template',
3165 path => '{vmid}/template',
3166 method => 'POST',
3167 protected => 1,
3168 proxyto => 'node',
3169 description => "Create a Template.",
3170 permissions => {
3171 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3172 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3173 },
3174 parameters => {
3175 additionalProperties => 0,
3176 properties => {
3177 node => get_standard_option('pve-node'),
3178 vmid => get_standard_option('pve-vmid'),
3179 disk => {
3180 optional => 1,
3181 type => 'string',
3182 description => "If you want to convert only 1 disk to base image.",
3183 enum => [PVE::QemuServer::disknames()],
3184 },
3185
3186 },
3187 },
3188 returns => { type => 'null'},
3189 code => sub {
3190 my ($param) = @_;
3191
3192 my $rpcenv = PVE::RPCEnvironment::get();
3193
3194 my $authuser = $rpcenv->get_user();
3195
3196 my $node = extract_param($param, 'node');
3197
3198 my $vmid = extract_param($param, 'vmid');
3199
3200 my $disk = extract_param($param, 'disk');
3201
3202 my $updatefn = sub {
3203
3204 my $conf = PVE::QemuServer::load_config($vmid);
3205
3206 PVE::QemuServer::check_lock($conf);
3207
3208 die "unable to create template, because VM contains snapshots\n"
3209 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3210
3211 die "you can't convert a template to a template\n"
3212 if PVE::QemuServer::is_template($conf) && !$disk;
3213
3214 die "you can't convert a VM to template if VM is running\n"
3215 if PVE::QemuServer::check_running($vmid);
3216
3217 my $realcmd = sub {
3218 PVE::QemuServer::template_create($vmid, $conf, $disk);
3219 };
3220
3221 $conf->{template} = 1;
3222 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3223
3224 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3225 };
3226
3227 PVE::QemuServer::lock_config($vmid, $updatefn);
3228 return undef;
3229 }});
3230
3231 1;
Virtual Machine Manager