]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix PVE::HA use clause so HA resources get registered
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuServer;
17 use PVE::QemuMigrate;
18 use PVE::RPCEnvironment;
19 use PVE::AccessControl;
20 use PVE::INotify;
21 use PVE::Network;
22 use PVE::Firewall;
23 use PVE::API2::Firewall::VM;
24 use PVE::HA::Env::PVE2;
25 use PVE::HA::Config;
26
27 use Data::Dumper; # fixme: remove
28
29 use base qw(PVE::RESTHandler);
30
31 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
32
33 my $resolve_cdrom_alias = sub {
34 my $param = shift;
35
36 if (my $value = $param->{cdrom}) {
37 $value .= ",media=cdrom" if $value !~ m/media=/;
38 $param->{ide2} = $value;
39 delete $param->{cdrom};
40 }
41 };
42
43 my $check_storage_access = sub {
44 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
45
46 PVE::QemuServer::foreach_drive($settings, sub {
47 my ($ds, $drive) = @_;
48
49 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
50
51 my $volid = $drive->{file};
52
53 if (!$volid || $volid eq 'none') {
54 # nothing to check
55 } elsif ($isCDROM && ($volid eq 'cdrom')) {
56 $rpcenv->check($authuser, "/", ['Sys.Console']);
57 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
58 my ($storeid, $size) = ($2 || $default_storage, $3);
59 die "no storage ID specified (and no default storage)\n" if !$storeid;
60 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
61 } else {
62 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
63 }
64 });
65 };
66
67 my $check_storage_access_clone = sub {
68 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
69
70 my $sharedvm = 1;
71
72 PVE::QemuServer::foreach_drive($conf, sub {
73 my ($ds, $drive) = @_;
74
75 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
76
77 my $volid = $drive->{file};
78
79 return if !$volid || $volid eq 'none';
80
81 if ($isCDROM) {
82 if ($volid eq 'cdrom') {
83 $rpcenv->check($authuser, "/", ['Sys.Console']);
84 } else {
85 # we simply allow access
86 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
87 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
88 $sharedvm = 0 if !$scfg->{shared};
89
90 }
91 } else {
92 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
93 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
94 $sharedvm = 0 if !$scfg->{shared};
95
96 $sid = $storage if $storage;
97 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
98 }
99 });
100
101 return $sharedvm;
102 };
103
104 # Note: $pool is only needed when creating a VM, because pool permissions
105 # are automatically inherited if VM already exists inside a pool.
106 my $create_disks = sub {
107 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
108
109 my $vollist = [];
110
111 my $res = {};
112 PVE::QemuServer::foreach_drive($settings, sub {
113 my ($ds, $disk) = @_;
114
115 my $volid = $disk->{file};
116
117 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
118 delete $disk->{size};
119 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
120 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
121 my ($storeid, $size) = ($2 || $default_storage, $3);
122 die "no storage ID specified (and no default storage)\n" if !$storeid;
123 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
124 my $fmt = $disk->{format} || $defformat;
125 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
126 $fmt, undef, $size*1024*1024);
127 $disk->{file} = $volid;
128 $disk->{size} = $size*1024*1024*1024;
129 push @$vollist, $volid;
130 delete $disk->{format}; # no longer needed
131 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
132 } else {
133
134 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
135
136 my $volid_is_new = 1;
137
138 if ($conf->{$ds}) {
139 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
140 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
141 }
142
143 if ($volid_is_new) {
144
145 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
146
147 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
148
149 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
150
151 die "volume $volid does not exists\n" if !$size;
152
153 $disk->{size} = $size;
154 }
155
156 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
157 }
158 });
159
160 # free allocated images on error
161 if (my $err = $@) {
162 syslog('err', "VM $vmid creating disks failed");
163 foreach my $volid (@$vollist) {
164 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
165 warn $@ if $@;
166 }
167 die $err;
168 }
169
170 # modify vm config if everything went well
171 foreach my $ds (keys %$res) {
172 $conf->{$ds} = $res->{$ds};
173 }
174
175 return $vollist;
176 };
177
178 my $check_vm_modify_config_perm = sub {
179 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
180
181 return 1 if $authuser eq 'root@pam';
182
183 foreach my $opt (@$key_list) {
184 # disk checks need to be done somewhere else
185 next if PVE::QemuServer::valid_drivename($opt);
186
187 if ($opt eq 'sockets' || $opt eq 'cores' ||
188 $opt eq 'cpu' || $opt eq 'smp' || $opt eq 'vcpus' ||
189 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
190 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
191 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
192 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
193 } elsif ($opt eq 'args' || $opt eq 'lock') {
194 die "only root can set '$opt' config\n";
195 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
196 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet' || $opt eq 'smbios1') {
197 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
198 } elsif ($opt =~ m/^net\d+$/) {
199 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
200 } else {
201 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
202 }
203 }
204
205 return 1;
206 };
207
208 my $check_protection = sub {
209 my ($vm_conf, $err_msg) = @_;
210
211 if ($vm_conf->{protection}) {
212 die "$err_msg - protection mode enabled\n";
213 }
214 };
215
216 __PACKAGE__->register_method({
217 name => 'vmlist',
218 path => '',
219 method => 'GET',
220 description => "Virtual machine index (per node).",
221 permissions => {
222 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
223 user => 'all',
224 },
225 proxyto => 'node',
226 protected => 1, # qemu pid files are only readable by root
227 parameters => {
228 additionalProperties => 0,
229 properties => {
230 node => get_standard_option('pve-node'),
231 },
232 },
233 returns => {
234 type => 'array',
235 items => {
236 type => "object",
237 properties => {},
238 },
239 links => [ { rel => 'child', href => "{vmid}" } ],
240 },
241 code => sub {
242 my ($param) = @_;
243
244 my $rpcenv = PVE::RPCEnvironment::get();
245 my $authuser = $rpcenv->get_user();
246
247 my $vmstatus = PVE::QemuServer::vmstatus();
248
249 my $res = [];
250 foreach my $vmid (keys %$vmstatus) {
251 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
252
253 my $data = $vmstatus->{$vmid};
254 $data->{vmid} = int($vmid);
255 push @$res, $data;
256 }
257
258 return $res;
259 }});
260
261
262
263 __PACKAGE__->register_method({
264 name => 'create_vm',
265 path => '',
266 method => 'POST',
267 description => "Create or restore a virtual machine.",
268 permissions => {
269 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
270 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
271 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
272 user => 'all', # check inside
273 },
274 protected => 1,
275 proxyto => 'node',
276 parameters => {
277 additionalProperties => 0,
278 properties => PVE::QemuServer::json_config_properties(
279 {
280 node => get_standard_option('pve-node'),
281 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
282 archive => {
283 description => "The backup file.",
284 type => 'string',
285 optional => 1,
286 maxLength => 255,
287 completion => \&PVE::QemuServer::complete_backup_archives,
288 },
289 storage => get_standard_option('pve-storage-id', {
290 description => "Default storage.",
291 optional => 1,
292 completion => \&PVE::QemuServer::complete_storage,
293 }),
294 force => {
295 optional => 1,
296 type => 'boolean',
297 description => "Allow to overwrite existing VM.",
298 requires => 'archive',
299 },
300 unique => {
301 optional => 1,
302 type => 'boolean',
303 description => "Assign a unique random ethernet address.",
304 requires => 'archive',
305 },
306 pool => {
307 optional => 1,
308 type => 'string', format => 'pve-poolid',
309 description => "Add the VM to the specified pool.",
310 },
311 }),
312 },
313 returns => {
314 type => 'string',
315 },
316 code => sub {
317 my ($param) = @_;
318
319 my $rpcenv = PVE::RPCEnvironment::get();
320
321 my $authuser = $rpcenv->get_user();
322
323 my $node = extract_param($param, 'node');
324
325 my $vmid = extract_param($param, 'vmid');
326
327 my $archive = extract_param($param, 'archive');
328
329 my $storage = extract_param($param, 'storage');
330
331 my $force = extract_param($param, 'force');
332
333 my $unique = extract_param($param, 'unique');
334
335 my $pool = extract_param($param, 'pool');
336
337 my $filename = PVE::QemuServer::config_file($vmid);
338
339 my $storecfg = PVE::Storage::config();
340
341 PVE::Cluster::check_cfs_quorum();
342
343 if (defined($pool)) {
344 $rpcenv->check_pool_exist($pool);
345 }
346
347 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
348 if defined($storage);
349
350 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
351 # OK
352 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
353 # OK
354 } elsif ($archive && $force && (-f $filename) &&
355 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
356 # OK: user has VM.Backup permissions, and want to restore an existing VM
357 } else {
358 raise_perm_exc();
359 }
360
361 if (!$archive) {
362 &$resolve_cdrom_alias($param);
363
364 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
365
366 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
367
368 foreach my $opt (keys %$param) {
369 if (PVE::QemuServer::valid_drivename($opt)) {
370 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
371 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
372
373 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
374 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
375 }
376 }
377
378 PVE::QemuServer::add_random_macs($param);
379 } else {
380 my $keystr = join(' ', keys %$param);
381 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
382
383 if ($archive eq '-') {
384 die "pipe requires cli environment\n"
385 if $rpcenv->{type} ne 'cli';
386 } else {
387 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
388 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
389 }
390 }
391
392 my $restorefn = sub {
393 my $vmlist = PVE::Cluster::get_vmlist();
394 if ($vmlist->{ids}->{$vmid}) {
395 my $current_node = $vmlist->{ids}->{$vmid}->{node};
396 if ($current_node eq $node) {
397 my $conf = PVE::QemuServer::load_config($vmid);
398
399 &$check_protection($conf, "unable to restore VM $vmid");
400
401 die "unable to restore vm $vmid - config file already exists\n"
402 if !$force;
403
404 die "unable to restore vm $vmid - vm is running\n"
405 if PVE::QemuServer::check_running($vmid);
406 } else {
407 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
408 }
409 }
410
411 my $realcmd = sub {
412 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
413 storage => $storage,
414 pool => $pool,
415 unique => $unique });
416
417 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
418 };
419
420 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
421 };
422
423 my $createfn = sub {
424
425 # test after locking
426 PVE::Cluster::check_vmid_unused($vmid);
427
428 my $realcmd = sub {
429
430 my $vollist = [];
431
432 my $conf = $param;
433
434 eval {
435
436 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
437
438 # try to be smart about bootdisk
439 my @disks = PVE::QemuServer::disknames();
440 my $firstdisk;
441 foreach my $ds (reverse @disks) {
442 next if !$conf->{$ds};
443 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
444 next if PVE::QemuServer::drive_is_cdrom($disk);
445 $firstdisk = $ds;
446 }
447
448 if (!$conf->{bootdisk} && $firstdisk) {
449 $conf->{bootdisk} = $firstdisk;
450 }
451
452 # auto generate uuid if user did not specify smbios1 option
453 if (!$conf->{smbios1}) {
454 my ($uuid, $uuid_str);
455 UUID::generate($uuid);
456 UUID::unparse($uuid, $uuid_str);
457 $conf->{smbios1} = "uuid=$uuid_str";
458 }
459
460 PVE::QemuServer::update_config_nolock($vmid, $conf);
461
462 };
463 my $err = $@;
464
465 if ($err) {
466 foreach my $volid (@$vollist) {
467 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
468 warn $@ if $@;
469 }
470 die "create failed - $err";
471 }
472
473 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
474 };
475
476 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
477 };
478
479 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
480 }});
481
482 __PACKAGE__->register_method({
483 name => 'vmdiridx',
484 path => '{vmid}',
485 method => 'GET',
486 proxyto => 'node',
487 description => "Directory index",
488 permissions => {
489 user => 'all',
490 },
491 parameters => {
492 additionalProperties => 0,
493 properties => {
494 node => get_standard_option('pve-node'),
495 vmid => get_standard_option('pve-vmid'),
496 },
497 },
498 returns => {
499 type => 'array',
500 items => {
501 type => "object",
502 properties => {
503 subdir => { type => 'string' },
504 },
505 },
506 links => [ { rel => 'child', href => "{subdir}" } ],
507 },
508 code => sub {
509 my ($param) = @_;
510
511 my $res = [
512 { subdir => 'config' },
513 { subdir => 'pending' },
514 { subdir => 'status' },
515 { subdir => 'unlink' },
516 { subdir => 'vncproxy' },
517 { subdir => 'migrate' },
518 { subdir => 'resize' },
519 { subdir => 'move' },
520 { subdir => 'rrd' },
521 { subdir => 'rrddata' },
522 { subdir => 'monitor' },
523 { subdir => 'snapshot' },
524 { subdir => 'spiceproxy' },
525 { subdir => 'sendkey' },
526 { subdir => 'firewall' },
527 ];
528
529 return $res;
530 }});
531
532 __PACKAGE__->register_method ({
533 subclass => "PVE::API2::Firewall::VM",
534 path => '{vmid}/firewall',
535 });
536
537 __PACKAGE__->register_method({
538 name => 'rrd',
539 path => '{vmid}/rrd',
540 method => 'GET',
541 protected => 1, # fixme: can we avoid that?
542 permissions => {
543 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
544 },
545 description => "Read VM RRD statistics (returns PNG)",
546 parameters => {
547 additionalProperties => 0,
548 properties => {
549 node => get_standard_option('pve-node'),
550 vmid => get_standard_option('pve-vmid'),
551 timeframe => {
552 description => "Specify the time frame you are interested in.",
553 type => 'string',
554 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
555 },
556 ds => {
557 description => "The list of datasources you want to display.",
558 type => 'string', format => 'pve-configid-list',
559 },
560 cf => {
561 description => "The RRD consolidation function",
562 type => 'string',
563 enum => [ 'AVERAGE', 'MAX' ],
564 optional => 1,
565 },
566 },
567 },
568 returns => {
569 type => "object",
570 properties => {
571 filename => { type => 'string' },
572 },
573 },
574 code => sub {
575 my ($param) = @_;
576
577 return PVE::Cluster::create_rrd_graph(
578 "pve2-vm/$param->{vmid}", $param->{timeframe},
579 $param->{ds}, $param->{cf});
580
581 }});
582
583 __PACKAGE__->register_method({
584 name => 'rrddata',
585 path => '{vmid}/rrddata',
586 method => 'GET',
587 protected => 1, # fixme: can we avoid that?
588 permissions => {
589 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
590 },
591 description => "Read VM RRD statistics",
592 parameters => {
593 additionalProperties => 0,
594 properties => {
595 node => get_standard_option('pve-node'),
596 vmid => get_standard_option('pve-vmid'),
597 timeframe => {
598 description => "Specify the time frame you are interested in.",
599 type => 'string',
600 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
601 },
602 cf => {
603 description => "The RRD consolidation function",
604 type => 'string',
605 enum => [ 'AVERAGE', 'MAX' ],
606 optional => 1,
607 },
608 },
609 },
610 returns => {
611 type => "array",
612 items => {
613 type => "object",
614 properties => {},
615 },
616 },
617 code => sub {
618 my ($param) = @_;
619
620 return PVE::Cluster::create_rrd_data(
621 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
622 }});
623
624
625 __PACKAGE__->register_method({
626 name => 'vm_config',
627 path => '{vmid}/config',
628 method => 'GET',
629 proxyto => 'node',
630 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
631 permissions => {
632 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
633 },
634 parameters => {
635 additionalProperties => 0,
636 properties => {
637 node => get_standard_option('pve-node'),
638 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
639 current => {
640 description => "Get current values (instead of pending values).",
641 optional => 1,
642 default => 0,
643 type => 'boolean',
644 },
645 },
646 },
647 returns => {
648 type => "object",
649 properties => {
650 digest => {
651 type => 'string',
652 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
653 }
654 },
655 },
656 code => sub {
657 my ($param) = @_;
658
659 my $conf = PVE::QemuServer::load_config($param->{vmid});
660
661 delete $conf->{snapshots};
662
663 if (!$param->{current}) {
664 foreach my $opt (keys %{$conf->{pending}}) {
665 next if $opt eq 'delete';
666 my $value = $conf->{pending}->{$opt};
667 next if ref($value); # just to be sure
668 $conf->{$opt} = $value;
669 }
670 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
671 foreach my $opt (keys %$pending_delete_hash) {
672 delete $conf->{$opt} if $conf->{$opt};
673 }
674 }
675
676 delete $conf->{pending};
677
678 return $conf;
679 }});
680
681 __PACKAGE__->register_method({
682 name => 'vm_pending',
683 path => '{vmid}/pending',
684 method => 'GET',
685 proxyto => 'node',
686 description => "Get virtual machine configuration, including pending changes.",
687 permissions => {
688 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
689 },
690 parameters => {
691 additionalProperties => 0,
692 properties => {
693 node => get_standard_option('pve-node'),
694 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
695 },
696 },
697 returns => {
698 type => "array",
699 items => {
700 type => "object",
701 properties => {
702 key => {
703 description => "Configuration option name.",
704 type => 'string',
705 },
706 value => {
707 description => "Current value.",
708 type => 'string',
709 optional => 1,
710 },
711 pending => {
712 description => "Pending value.",
713 type => 'string',
714 optional => 1,
715 },
716 delete => {
717 description => "Indicates a pending delete request if present and not 0. " .
718 "The value 2 indicates a force-delete request.",
719 type => 'integer',
720 minimum => 0,
721 maximum => 2,
722 optional => 1,
723 },
724 },
725 },
726 },
727 code => sub {
728 my ($param) = @_;
729
730 my $conf = PVE::QemuServer::load_config($param->{vmid});
731
732 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
733
734 my $res = [];
735
736 foreach my $opt (keys %$conf) {
737 next if ref($conf->{$opt});
738 my $item = { key => $opt };
739 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
740 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
741 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
742 push @$res, $item;
743 }
744
745 foreach my $opt (keys %{$conf->{pending}}) {
746 next if $opt eq 'delete';
747 next if ref($conf->{pending}->{$opt}); # just to be sure
748 next if defined($conf->{$opt});
749 my $item = { key => $opt };
750 $item->{pending} = $conf->{pending}->{$opt};
751 push @$res, $item;
752 }
753
754 while (my ($opt, $force) = each %$pending_delete_hash) {
755 next if $conf->{pending}->{$opt}; # just to be sure
756 next if $conf->{$opt};
757 my $item = { key => $opt, delete => ($force ? 2 : 1)};
758 push @$res, $item;
759 }
760
761 return $res;
762 }});
763
764 # POST/PUT {vmid}/config implementation
765 #
766 # The original API used PUT (idempotent) an we assumed that all operations
767 # are fast. But it turned out that almost any configuration change can
768 # involve hot-plug actions, or disk alloc/free. Such actions can take long
769 # time to complete and have side effects (not idempotent).
770 #
771 # The new implementation uses POST and forks a worker process. We added
772 # a new option 'background_delay'. If specified we wait up to
773 # 'background_delay' second for the worker task to complete. It returns null
774 # if the task is finished within that time, else we return the UPID.
775
776 my $update_vm_api = sub {
777 my ($param, $sync) = @_;
778
779 my $rpcenv = PVE::RPCEnvironment::get();
780
781 my $authuser = $rpcenv->get_user();
782
783 my $node = extract_param($param, 'node');
784
785 my $vmid = extract_param($param, 'vmid');
786
787 my $digest = extract_param($param, 'digest');
788
789 my $background_delay = extract_param($param, 'background_delay');
790
791 my @paramarr = (); # used for log message
792 foreach my $key (keys %$param) {
793 push @paramarr, "-$key", $param->{$key};
794 }
795
796 my $skiplock = extract_param($param, 'skiplock');
797 raise_param_exc({ skiplock => "Only root may use this option." })
798 if $skiplock && $authuser ne 'root@pam';
799
800 my $delete_str = extract_param($param, 'delete');
801
802 my $revert_str = extract_param($param, 'revert');
803
804 my $force = extract_param($param, 'force');
805
806 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
807
808 my $storecfg = PVE::Storage::config();
809
810 my $defaults = PVE::QemuServer::load_defaults();
811
812 &$resolve_cdrom_alias($param);
813
814 # now try to verify all parameters
815
816 my $revert = {};
817 foreach my $opt (PVE::Tools::split_list($revert_str)) {
818 if (!PVE::QemuServer::option_exists($opt)) {
819 raise_param_exc({ revert => "unknown option '$opt'" });
820 }
821
822 raise_param_exc({ delete => "you can't use '-$opt' and " .
823 "-revert $opt' at the same time" })
824 if defined($param->{$opt});
825
826 $revert->{$opt} = 1;
827 }
828
829 my @delete = ();
830 foreach my $opt (PVE::Tools::split_list($delete_str)) {
831 $opt = 'ide2' if $opt eq 'cdrom';
832
833 raise_param_exc({ delete => "you can't use '-$opt' and " .
834 "-delete $opt' at the same time" })
835 if defined($param->{$opt});
836
837 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
838 "-revert $opt' at the same time" })
839 if $revert->{$opt};
840
841 if (!PVE::QemuServer::option_exists($opt)) {
842 raise_param_exc({ delete => "unknown option '$opt'" });
843 }
844
845 push @delete, $opt;
846 }
847
848 foreach my $opt (keys %$param) {
849 if (PVE::QemuServer::valid_drivename($opt)) {
850 # cleanup drive path
851 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
852 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
853 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
854 } elsif ($opt =~ m/^net(\d+)$/) {
855 # add macaddr
856 my $net = PVE::QemuServer::parse_net($param->{$opt});
857 $param->{$opt} = PVE::QemuServer::print_net($net);
858 }
859 }
860
861 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
862
863 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
864
865 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
866
867 my $updatefn = sub {
868
869 my $conf = PVE::QemuServer::load_config($vmid);
870
871 die "checksum missmatch (file change by other user?)\n"
872 if $digest && $digest ne $conf->{digest};
873
874 PVE::QemuServer::check_lock($conf) if !$skiplock;
875
876 foreach my $opt (keys %$revert) {
877 if (defined($conf->{$opt})) {
878 $param->{$opt} = $conf->{$opt};
879 } elsif (defined($conf->{pending}->{$opt})) {
880 push @delete, $opt;
881 }
882 }
883
884 if ($param->{memory} || defined($param->{balloon})) {
885 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
886 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
887
888 die "balloon value too large (must be smaller than assigned memory)\n"
889 if $balloon && $balloon > $maxmem;
890 }
891
892 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
893
894 my $worker = sub {
895
896 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
897
898 # write updates to pending section
899
900 my $modified = {}; # record what $option we modify
901
902 foreach my $opt (@delete) {
903 $modified->{$opt} = 1;
904 $conf = PVE::QemuServer::load_config($vmid); # update/reload
905 if ($opt =~ m/^unused/) {
906 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
907 &$check_protection($conf, "can't remove unused disk '$drive->{file}'");
908 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
909 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
910 delete $conf->{$opt};
911 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
912 }
913 } elsif (PVE::QemuServer::valid_drivename($opt)) {
914 &$check_protection($conf, "can't remove drive '$opt'");
915 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
916 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
917 if defined($conf->{pending}->{$opt});
918 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
919 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
920 } else {
921 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
922 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
923 }
924 }
925
926 foreach my $opt (keys %$param) { # add/change
927 $modified->{$opt} = 1;
928 $conf = PVE::QemuServer::load_config($vmid); # update/reload
929 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
930
931 if (PVE::QemuServer::valid_drivename($opt)) {
932 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
933 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
934 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
935 } else {
936 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
937 }
938 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
939 if defined($conf->{pending}->{$opt});
940
941 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
942 } else {
943 $conf->{pending}->{$opt} = $param->{$opt};
944 }
945 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
946 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
947 }
948
949 # remove pending changes when nothing changed
950 $conf = PVE::QemuServer::load_config($vmid); # update/reload
951 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
952 PVE::QemuServer::update_config_nolock($vmid, $conf, 1) if $changes;
953
954 return if !scalar(keys %{$conf->{pending}});
955
956 my $running = PVE::QemuServer::check_running($vmid);
957
958 # apply pending changes
959
960 $conf = PVE::QemuServer::load_config($vmid); # update/reload
961
962 if ($running) {
963 my $errors = {};
964 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
965 raise_param_exc($errors) if scalar(keys %$errors);
966 } else {
967 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
968 }
969
970 return;
971 };
972
973 if ($sync) {
974 &$worker();
975 return undef;
976 } else {
977 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
978
979 if ($background_delay) {
980
981 # Note: It would be better to do that in the Event based HTTPServer
982 # to avoid blocking call to sleep.
983
984 my $end_time = time() + $background_delay;
985
986 my $task = PVE::Tools::upid_decode($upid);
987
988 my $running = 1;
989 while (time() < $end_time) {
990 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
991 last if !$running;
992 sleep(1); # this gets interrupted when child process ends
993 }
994
995 if (!$running) {
996 my $status = PVE::Tools::upid_read_status($upid);
997 return undef if $status eq 'OK';
998 die $status;
999 }
1000 }
1001
1002 return $upid;
1003 }
1004 };
1005
1006 return PVE::QemuServer::lock_config($vmid, $updatefn);
1007 };
1008
1009 my $vm_config_perm_list = [
1010 'VM.Config.Disk',
1011 'VM.Config.CDROM',
1012 'VM.Config.CPU',
1013 'VM.Config.Memory',
1014 'VM.Config.Network',
1015 'VM.Config.HWType',
1016 'VM.Config.Options',
1017 ];
1018
1019 __PACKAGE__->register_method({
1020 name => 'update_vm_async',
1021 path => '{vmid}/config',
1022 method => 'POST',
1023 protected => 1,
1024 proxyto => 'node',
1025 description => "Set virtual machine options (asynchrounous API).",
1026 permissions => {
1027 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1028 },
1029 parameters => {
1030 additionalProperties => 0,
1031 properties => PVE::QemuServer::json_config_properties(
1032 {
1033 node => get_standard_option('pve-node'),
1034 vmid => get_standard_option('pve-vmid'),
1035 skiplock => get_standard_option('skiplock'),
1036 delete => {
1037 type => 'string', format => 'pve-configid-list',
1038 description => "A list of settings you want to delete.",
1039 optional => 1,
1040 },
1041 revert => {
1042 type => 'string', format => 'pve-configid-list',
1043 description => "Revert a pending change.",
1044 optional => 1,
1045 },
1046 force => {
1047 type => 'boolean',
1048 description => $opt_force_description,
1049 optional => 1,
1050 requires => 'delete',
1051 },
1052 digest => {
1053 type => 'string',
1054 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1055 maxLength => 40,
1056 optional => 1,
1057 },
1058 background_delay => {
1059 type => 'integer',
1060 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1061 minimum => 1,
1062 maximum => 30,
1063 optional => 1,
1064 },
1065 }),
1066 },
1067 returns => {
1068 type => 'string',
1069 optional => 1,
1070 },
1071 code => $update_vm_api,
1072 });
1073
1074 __PACKAGE__->register_method({
1075 name => 'update_vm',
1076 path => '{vmid}/config',
1077 method => 'PUT',
1078 protected => 1,
1079 proxyto => 'node',
1080 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1081 permissions => {
1082 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1083 },
1084 parameters => {
1085 additionalProperties => 0,
1086 properties => PVE::QemuServer::json_config_properties(
1087 {
1088 node => get_standard_option('pve-node'),
1089 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1090 skiplock => get_standard_option('skiplock'),
1091 delete => {
1092 type => 'string', format => 'pve-configid-list',
1093 description => "A list of settings you want to delete.",
1094 optional => 1,
1095 },
1096 revert => {
1097 type => 'string', format => 'pve-configid-list',
1098 description => "Revert a pending change.",
1099 optional => 1,
1100 },
1101 force => {
1102 type => 'boolean',
1103 description => $opt_force_description,
1104 optional => 1,
1105 requires => 'delete',
1106 },
1107 digest => {
1108 type => 'string',
1109 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1110 maxLength => 40,
1111 optional => 1,
1112 },
1113 }),
1114 },
1115 returns => { type => 'null' },
1116 code => sub {
1117 my ($param) = @_;
1118 &$update_vm_api($param, 1);
1119 return undef;
1120 }
1121 });
1122
1123
1124 __PACKAGE__->register_method({
1125 name => 'destroy_vm',
1126 path => '{vmid}',
1127 method => 'DELETE',
1128 protected => 1,
1129 proxyto => 'node',
1130 description => "Destroy the vm (also delete all used/owned volumes).",
1131 permissions => {
1132 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1133 },
1134 parameters => {
1135 additionalProperties => 0,
1136 properties => {
1137 node => get_standard_option('pve-node'),
1138 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1139 skiplock => get_standard_option('skiplock'),
1140 },
1141 },
1142 returns => {
1143 type => 'string',
1144 },
1145 code => sub {
1146 my ($param) = @_;
1147
1148 my $rpcenv = PVE::RPCEnvironment::get();
1149
1150 my $authuser = $rpcenv->get_user();
1151
1152 my $vmid = $param->{vmid};
1153
1154 my $skiplock = $param->{skiplock};
1155 raise_param_exc({ skiplock => "Only root may use this option." })
1156 if $skiplock && $authuser ne 'root@pam';
1157
1158 # test if VM exists
1159 my $conf = PVE::QemuServer::load_config($vmid);
1160
1161 my $storecfg = PVE::Storage::config();
1162
1163 &$check_protection($conf, "can't remove VM $vmid");
1164
1165 die "unable to remove VM $vmid - used in HA resources\n"
1166 if PVE::HA::Config::vm_is_ha_managed($vmid);
1167
1168 # early tests (repeat after locking)
1169 die "VM $vmid is running - destroy failed\n"
1170 if PVE::QemuServer::check_running($vmid);
1171
1172 my $realcmd = sub {
1173 my $upid = shift;
1174
1175 syslog('info', "destroy VM $vmid: $upid\n");
1176
1177 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1178
1179 PVE::AccessControl::remove_vm_access($vmid);
1180
1181 PVE::Firewall::remove_vmfw_conf($vmid);
1182 };
1183
1184 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1185 }});
1186
1187 __PACKAGE__->register_method({
1188 name => 'unlink',
1189 path => '{vmid}/unlink',
1190 method => 'PUT',
1191 protected => 1,
1192 proxyto => 'node',
1193 description => "Unlink/delete disk images.",
1194 permissions => {
1195 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1196 },
1197 parameters => {
1198 additionalProperties => 0,
1199 properties => {
1200 node => get_standard_option('pve-node'),
1201 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1202 idlist => {
1203 type => 'string', format => 'pve-configid-list',
1204 description => "A list of disk IDs you want to delete.",
1205 },
1206 force => {
1207 type => 'boolean',
1208 description => $opt_force_description,
1209 optional => 1,
1210 },
1211 },
1212 },
1213 returns => { type => 'null'},
1214 code => sub {
1215 my ($param) = @_;
1216
1217 $param->{delete} = extract_param($param, 'idlist');
1218
1219 __PACKAGE__->update_vm($param);
1220
1221 return undef;
1222 }});
1223
1224 my $sslcert;
1225
1226 __PACKAGE__->register_method({
1227 name => 'vncproxy',
1228 path => '{vmid}/vncproxy',
1229 method => 'POST',
1230 protected => 1,
1231 permissions => {
1232 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1233 },
1234 description => "Creates a TCP VNC proxy connections.",
1235 parameters => {
1236 additionalProperties => 0,
1237 properties => {
1238 node => get_standard_option('pve-node'),
1239 vmid => get_standard_option('pve-vmid'),
1240 websocket => {
1241 optional => 1,
1242 type => 'boolean',
1243 description => "starts websockify instead of vncproxy",
1244 },
1245 },
1246 },
1247 returns => {
1248 additionalProperties => 0,
1249 properties => {
1250 user => { type => 'string' },
1251 ticket => { type => 'string' },
1252 cert => { type => 'string' },
1253 port => { type => 'integer' },
1254 upid => { type => 'string' },
1255 },
1256 },
1257 code => sub {
1258 my ($param) = @_;
1259
1260 my $rpcenv = PVE::RPCEnvironment::get();
1261
1262 my $authuser = $rpcenv->get_user();
1263
1264 my $vmid = $param->{vmid};
1265 my $node = $param->{node};
1266 my $websocket = $param->{websocket};
1267
1268 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1269
1270 my $authpath = "/vms/$vmid";
1271
1272 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1273
1274 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1275 if !$sslcert;
1276
1277 my ($remip, $family);
1278 my $remcmd = [];
1279
1280 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1281 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
1282 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1283 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1284 } else {
1285 $family = PVE::Tools::get_host_address_family($node);
1286 }
1287
1288 my $port = PVE::Tools::next_vnc_port($family);
1289
1290 my $timeout = 10;
1291
1292 my $realcmd = sub {
1293 my $upid = shift;
1294
1295 syslog('info', "starting vnc proxy $upid\n");
1296
1297 my $cmd;
1298
1299 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1300
1301 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1302
1303 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1304 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1305 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1306 '-timeout', $timeout, '-authpath', $authpath,
1307 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1308 } else {
1309
1310 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1311
1312 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1313
1314 my $qmstr = join(' ', @$qmcmd);
1315
1316 # also redirect stderr (else we get RFB protocol errors)
1317 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1318 }
1319
1320 PVE::Tools::run_command($cmd);
1321
1322 return;
1323 };
1324
1325 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1326
1327 PVE::Tools::wait_for_vnc_port($port);
1328
1329 return {
1330 user => $authuser,
1331 ticket => $ticket,
1332 port => $port,
1333 upid => $upid,
1334 cert => $sslcert,
1335 };
1336 }});
1337
1338 __PACKAGE__->register_method({
1339 name => 'vncwebsocket',
1340 path => '{vmid}/vncwebsocket',
1341 method => 'GET',
1342 permissions => {
1343 description => "You also need to pass a valid ticket (vncticket).",
1344 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1345 },
1346 description => "Opens a weksocket for VNC traffic.",
1347 parameters => {
1348 additionalProperties => 0,
1349 properties => {
1350 node => get_standard_option('pve-node'),
1351 vmid => get_standard_option('pve-vmid'),
1352 vncticket => {
1353 description => "Ticket from previous call to vncproxy.",
1354 type => 'string',
1355 maxLength => 512,
1356 },
1357 port => {
1358 description => "Port number returned by previous vncproxy call.",
1359 type => 'integer',
1360 minimum => 5900,
1361 maximum => 5999,
1362 },
1363 },
1364 },
1365 returns => {
1366 type => "object",
1367 properties => {
1368 port => { type => 'string' },
1369 },
1370 },
1371 code => sub {
1372 my ($param) = @_;
1373
1374 my $rpcenv = PVE::RPCEnvironment::get();
1375
1376 my $authuser = $rpcenv->get_user();
1377
1378 my $vmid = $param->{vmid};
1379 my $node = $param->{node};
1380
1381 my $authpath = "/vms/$vmid";
1382
1383 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1384
1385 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1386
1387 # Note: VNC ports are acessible from outside, so we do not gain any
1388 # security if we verify that $param->{port} belongs to VM $vmid. This
1389 # check is done by verifying the VNC ticket (inside VNC protocol).
1390
1391 my $port = $param->{port};
1392
1393 return { port => $port };
1394 }});
1395
1396 __PACKAGE__->register_method({
1397 name => 'spiceproxy',
1398 path => '{vmid}/spiceproxy',
1399 method => 'POST',
1400 protected => 1,
1401 proxyto => 'node',
1402 permissions => {
1403 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1404 },
1405 description => "Returns a SPICE configuration to connect to the VM.",
1406 parameters => {
1407 additionalProperties => 0,
1408 properties => {
1409 node => get_standard_option('pve-node'),
1410 vmid => get_standard_option('pve-vmid'),
1411 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1412 },
1413 },
1414 returns => get_standard_option('remote-viewer-config'),
1415 code => sub {
1416 my ($param) = @_;
1417
1418 my $rpcenv = PVE::RPCEnvironment::get();
1419
1420 my $authuser = $rpcenv->get_user();
1421
1422 my $vmid = $param->{vmid};
1423 my $node = $param->{node};
1424 my $proxy = $param->{proxy};
1425
1426 my $conf = PVE::QemuServer::load_config($vmid, $node);
1427 my $title = "VM $vmid";
1428 $title .= " - ". $conf->{name} if $conf->{name};
1429
1430 my $port = PVE::QemuServer::spice_port($vmid);
1431
1432 my ($ticket, undef, $remote_viewer_config) =
1433 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1434
1435 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1436 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1437
1438 return $remote_viewer_config;
1439 }});
1440
1441 __PACKAGE__->register_method({
1442 name => 'vmcmdidx',
1443 path => '{vmid}/status',
1444 method => 'GET',
1445 proxyto => 'node',
1446 description => "Directory index",
1447 permissions => {
1448 user => 'all',
1449 },
1450 parameters => {
1451 additionalProperties => 0,
1452 properties => {
1453 node => get_standard_option('pve-node'),
1454 vmid => get_standard_option('pve-vmid'),
1455 },
1456 },
1457 returns => {
1458 type => 'array',
1459 items => {
1460 type => "object",
1461 properties => {
1462 subdir => { type => 'string' },
1463 },
1464 },
1465 links => [ { rel => 'child', href => "{subdir}" } ],
1466 },
1467 code => sub {
1468 my ($param) = @_;
1469
1470 # test if VM exists
1471 my $conf = PVE::QemuServer::load_config($param->{vmid});
1472
1473 my $res = [
1474 { subdir => 'current' },
1475 { subdir => 'start' },
1476 { subdir => 'stop' },
1477 ];
1478
1479 return $res;
1480 }});
1481
1482 __PACKAGE__->register_method({
1483 name => 'vm_status',
1484 path => '{vmid}/status/current',
1485 method => 'GET',
1486 proxyto => 'node',
1487 protected => 1, # qemu pid files are only readable by root
1488 description => "Get virtual machine status.",
1489 permissions => {
1490 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1491 },
1492 parameters => {
1493 additionalProperties => 0,
1494 properties => {
1495 node => get_standard_option('pve-node'),
1496 vmid => get_standard_option('pve-vmid'),
1497 },
1498 },
1499 returns => { type => 'object' },
1500 code => sub {
1501 my ($param) = @_;
1502
1503 # test if VM exists
1504 my $conf = PVE::QemuServer::load_config($param->{vmid});
1505
1506 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1507 my $status = $vmstatus->{$param->{vmid}};
1508
1509 $status->{ha} = PVE::HA::Config::vm_is_ha_managed($param->{vmid});
1510
1511 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1512
1513 return $status;
1514 }});
1515
1516 __PACKAGE__->register_method({
1517 name => 'vm_start',
1518 path => '{vmid}/status/start',
1519 method => 'POST',
1520 protected => 1,
1521 proxyto => 'node',
1522 description => "Start virtual machine.",
1523 permissions => {
1524 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1525 },
1526 parameters => {
1527 additionalProperties => 0,
1528 properties => {
1529 node => get_standard_option('pve-node'),
1530 vmid => get_standard_option('pve-vmid',
1531 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1532 skiplock => get_standard_option('skiplock'),
1533 stateuri => get_standard_option('pve-qm-stateuri'),
1534 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1535 machine => get_standard_option('pve-qm-machine'),
1536 },
1537 },
1538 returns => {
1539 type => 'string',
1540 },
1541 code => sub {
1542 my ($param) = @_;
1543
1544 my $rpcenv = PVE::RPCEnvironment::get();
1545
1546 my $authuser = $rpcenv->get_user();
1547
1548 my $node = extract_param($param, 'node');
1549
1550 my $vmid = extract_param($param, 'vmid');
1551
1552 my $machine = extract_param($param, 'machine');
1553
1554 my $stateuri = extract_param($param, 'stateuri');
1555 raise_param_exc({ stateuri => "Only root may use this option." })
1556 if $stateuri && $authuser ne 'root@pam';
1557
1558 my $skiplock = extract_param($param, 'skiplock');
1559 raise_param_exc({ skiplock => "Only root may use this option." })
1560 if $skiplock && $authuser ne 'root@pam';
1561
1562 my $migratedfrom = extract_param($param, 'migratedfrom');
1563 raise_param_exc({ migratedfrom => "Only root may use this option." })
1564 if $migratedfrom && $authuser ne 'root@pam';
1565
1566 # read spice ticket from STDIN
1567 my $spice_ticket;
1568 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1569 if (defined(my $line = <>)) {
1570 chomp $line;
1571 $spice_ticket = $line;
1572 }
1573 }
1574
1575 PVE::Cluster::check_cfs_quorum();
1576
1577 my $storecfg = PVE::Storage::config();
1578
1579 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1580 $rpcenv->{type} ne 'ha') {
1581
1582 my $hacmd = sub {
1583 my $upid = shift;
1584
1585 my $service = "vm:$vmid";
1586
1587 my $cmd = ['ha-manager', 'enable', $service];
1588
1589 print "Executing HA start for VM $vmid\n";
1590
1591 PVE::Tools::run_command($cmd);
1592
1593 return;
1594 };
1595
1596 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1597
1598 } else {
1599
1600 my $realcmd = sub {
1601 my $upid = shift;
1602
1603 syslog('info', "start VM $vmid: $upid\n");
1604
1605 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1606 $machine, $spice_ticket);
1607
1608 return;
1609 };
1610
1611 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1612 }
1613 }});
1614
1615 __PACKAGE__->register_method({
1616 name => 'vm_stop',
1617 path => '{vmid}/status/stop',
1618 method => 'POST',
1619 protected => 1,
1620 proxyto => 'node',
1621 description => "Stop virtual machine.",
1622 permissions => {
1623 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1624 },
1625 parameters => {
1626 additionalProperties => 0,
1627 properties => {
1628 node => get_standard_option('pve-node'),
1629 vmid => get_standard_option('pve-vmid',
1630 { completion => \&PVE::QemuServer::complete_vmid_running }),
1631 skiplock => get_standard_option('skiplock'),
1632 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1633 timeout => {
1634 description => "Wait maximal timeout seconds.",
1635 type => 'integer',
1636 minimum => 0,
1637 optional => 1,
1638 },
1639 keepActive => {
1640 description => "Do not decativate storage volumes.",
1641 type => 'boolean',
1642 optional => 1,
1643 default => 0,
1644 }
1645 },
1646 },
1647 returns => {
1648 type => 'string',
1649 },
1650 code => sub {
1651 my ($param) = @_;
1652
1653 my $rpcenv = PVE::RPCEnvironment::get();
1654
1655 my $authuser = $rpcenv->get_user();
1656
1657 my $node = extract_param($param, 'node');
1658
1659 my $vmid = extract_param($param, 'vmid');
1660
1661 my $skiplock = extract_param($param, 'skiplock');
1662 raise_param_exc({ skiplock => "Only root may use this option." })
1663 if $skiplock && $authuser ne 'root@pam';
1664
1665 my $keepActive = extract_param($param, 'keepActive');
1666 raise_param_exc({ keepActive => "Only root may use this option." })
1667 if $keepActive && $authuser ne 'root@pam';
1668
1669 my $migratedfrom = extract_param($param, 'migratedfrom');
1670 raise_param_exc({ migratedfrom => "Only root may use this option." })
1671 if $migratedfrom && $authuser ne 'root@pam';
1672
1673
1674 my $storecfg = PVE::Storage::config();
1675
1676 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1677
1678 my $hacmd = sub {
1679 my $upid = shift;
1680
1681 my $service = "vm:$vmid";
1682
1683 my $cmd = ['ha-manager', 'disable', $service];
1684
1685 print "Executing HA stop for VM $vmid\n";
1686
1687 PVE::Tools::run_command($cmd);
1688
1689 return;
1690 };
1691
1692 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1693
1694 } else {
1695 my $realcmd = sub {
1696 my $upid = shift;
1697
1698 syslog('info', "stop VM $vmid: $upid\n");
1699
1700 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1701 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1702
1703 return;
1704 };
1705
1706 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1707 }
1708 }});
1709
1710 __PACKAGE__->register_method({
1711 name => 'vm_reset',
1712 path => '{vmid}/status/reset',
1713 method => 'POST',
1714 protected => 1,
1715 proxyto => 'node',
1716 description => "Reset virtual machine.",
1717 permissions => {
1718 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1719 },
1720 parameters => {
1721 additionalProperties => 0,
1722 properties => {
1723 node => get_standard_option('pve-node'),
1724 vmid => get_standard_option('pve-vmid',
1725 { completion => \&PVE::QemuServer::complete_vmid_running }),
1726 skiplock => get_standard_option('skiplock'),
1727 },
1728 },
1729 returns => {
1730 type => 'string',
1731 },
1732 code => sub {
1733 my ($param) = @_;
1734
1735 my $rpcenv = PVE::RPCEnvironment::get();
1736
1737 my $authuser = $rpcenv->get_user();
1738
1739 my $node = extract_param($param, 'node');
1740
1741 my $vmid = extract_param($param, 'vmid');
1742
1743 my $skiplock = extract_param($param, 'skiplock');
1744 raise_param_exc({ skiplock => "Only root may use this option." })
1745 if $skiplock && $authuser ne 'root@pam';
1746
1747 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1748
1749 my $realcmd = sub {
1750 my $upid = shift;
1751
1752 PVE::QemuServer::vm_reset($vmid, $skiplock);
1753
1754 return;
1755 };
1756
1757 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1758 }});
1759
1760 __PACKAGE__->register_method({
1761 name => 'vm_shutdown',
1762 path => '{vmid}/status/shutdown',
1763 method => 'POST',
1764 protected => 1,
1765 proxyto => 'node',
1766 description => "Shutdown virtual machine.",
1767 permissions => {
1768 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1769 },
1770 parameters => {
1771 additionalProperties => 0,
1772 properties => {
1773 node => get_standard_option('pve-node'),
1774 vmid => get_standard_option('pve-vmid',
1775 { completion => \&PVE::QemuServer::complete_vmid_running }),
1776 skiplock => get_standard_option('skiplock'),
1777 timeout => {
1778 description => "Wait maximal timeout seconds.",
1779 type => 'integer',
1780 minimum => 0,
1781 optional => 1,
1782 },
1783 forceStop => {
1784 description => "Make sure the VM stops.",
1785 type => 'boolean',
1786 optional => 1,
1787 default => 0,
1788 },
1789 keepActive => {
1790 description => "Do not decativate storage volumes.",
1791 type => 'boolean',
1792 optional => 1,
1793 default => 0,
1794 }
1795 },
1796 },
1797 returns => {
1798 type => 'string',
1799 },
1800 code => sub {
1801 my ($param) = @_;
1802
1803 my $rpcenv = PVE::RPCEnvironment::get();
1804
1805 my $authuser = $rpcenv->get_user();
1806
1807 my $node = extract_param($param, 'node');
1808
1809 my $vmid = extract_param($param, 'vmid');
1810
1811 my $skiplock = extract_param($param, 'skiplock');
1812 raise_param_exc({ skiplock => "Only root may use this option." })
1813 if $skiplock && $authuser ne 'root@pam';
1814
1815 my $keepActive = extract_param($param, 'keepActive');
1816 raise_param_exc({ keepActive => "Only root may use this option." })
1817 if $keepActive && $authuser ne 'root@pam';
1818
1819 my $storecfg = PVE::Storage::config();
1820
1821 my $realcmd = sub {
1822 my $upid = shift;
1823
1824 syslog('info', "shutdown VM $vmid: $upid\n");
1825
1826 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1827 1, $param->{forceStop}, $keepActive);
1828
1829 return;
1830 };
1831
1832 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1833 }});
1834
1835 __PACKAGE__->register_method({
1836 name => 'vm_suspend',
1837 path => '{vmid}/status/suspend',
1838 method => 'POST',
1839 protected => 1,
1840 proxyto => 'node',
1841 description => "Suspend virtual machine.",
1842 permissions => {
1843 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1844 },
1845 parameters => {
1846 additionalProperties => 0,
1847 properties => {
1848 node => get_standard_option('pve-node'),
1849 vmid => get_standard_option('pve-vmid',
1850 { completion => \&PVE::QemuServer::complete_vmid_running }),
1851 skiplock => get_standard_option('skiplock'),
1852 },
1853 },
1854 returns => {
1855 type => 'string',
1856 },
1857 code => sub {
1858 my ($param) = @_;
1859
1860 my $rpcenv = PVE::RPCEnvironment::get();
1861
1862 my $authuser = $rpcenv->get_user();
1863
1864 my $node = extract_param($param, 'node');
1865
1866 my $vmid = extract_param($param, 'vmid');
1867
1868 my $skiplock = extract_param($param, 'skiplock');
1869 raise_param_exc({ skiplock => "Only root may use this option." })
1870 if $skiplock && $authuser ne 'root@pam';
1871
1872 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1873
1874 my $realcmd = sub {
1875 my $upid = shift;
1876
1877 syslog('info', "suspend VM $vmid: $upid\n");
1878
1879 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1880
1881 return;
1882 };
1883
1884 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1885 }});
1886
1887 __PACKAGE__->register_method({
1888 name => 'vm_resume',
1889 path => '{vmid}/status/resume',
1890 method => 'POST',
1891 protected => 1,
1892 proxyto => 'node',
1893 description => "Resume virtual machine.",
1894 permissions => {
1895 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1896 },
1897 parameters => {
1898 additionalProperties => 0,
1899 properties => {
1900 node => get_standard_option('pve-node'),
1901 vmid => get_standard_option('pve-vmid',
1902 { completion => \&PVE::QemuServer::complete_vmid_running }),
1903 skiplock => get_standard_option('skiplock'),
1904 nocheck => { type => 'boolean', optional => 1 },
1905
1906 },
1907 },
1908 returns => {
1909 type => 'string',
1910 },
1911 code => sub {
1912 my ($param) = @_;
1913
1914 my $rpcenv = PVE::RPCEnvironment::get();
1915
1916 my $authuser = $rpcenv->get_user();
1917
1918 my $node = extract_param($param, 'node');
1919
1920 my $vmid = extract_param($param, 'vmid');
1921
1922 my $skiplock = extract_param($param, 'skiplock');
1923 raise_param_exc({ skiplock => "Only root may use this option." })
1924 if $skiplock && $authuser ne 'root@pam';
1925
1926 my $nocheck = extract_param($param, 'nocheck');
1927
1928 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck);
1929
1930 my $realcmd = sub {
1931 my $upid = shift;
1932
1933 syslog('info', "resume VM $vmid: $upid\n");
1934
1935 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
1936
1937 return;
1938 };
1939
1940 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1941 }});
1942
1943 __PACKAGE__->register_method({
1944 name => 'vm_sendkey',
1945 path => '{vmid}/sendkey',
1946 method => 'PUT',
1947 protected => 1,
1948 proxyto => 'node',
1949 description => "Send key event to virtual machine.",
1950 permissions => {
1951 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1952 },
1953 parameters => {
1954 additionalProperties => 0,
1955 properties => {
1956 node => get_standard_option('pve-node'),
1957 vmid => get_standard_option('pve-vmid',
1958 { completion => \&PVE::QemuServer::complete_vmid_running }),
1959 skiplock => get_standard_option('skiplock'),
1960 key => {
1961 description => "The key (qemu monitor encoding).",
1962 type => 'string'
1963 }
1964 },
1965 },
1966 returns => { type => 'null'},
1967 code => sub {
1968 my ($param) = @_;
1969
1970 my $rpcenv = PVE::RPCEnvironment::get();
1971
1972 my $authuser = $rpcenv->get_user();
1973
1974 my $node = extract_param($param, 'node');
1975
1976 my $vmid = extract_param($param, 'vmid');
1977
1978 my $skiplock = extract_param($param, 'skiplock');
1979 raise_param_exc({ skiplock => "Only root may use this option." })
1980 if $skiplock && $authuser ne 'root@pam';
1981
1982 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1983
1984 return;
1985 }});
1986
1987 __PACKAGE__->register_method({
1988 name => 'vm_feature',
1989 path => '{vmid}/feature',
1990 method => 'GET',
1991 proxyto => 'node',
1992 protected => 1,
1993 description => "Check if feature for virtual machine is available.",
1994 permissions => {
1995 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1996 },
1997 parameters => {
1998 additionalProperties => 0,
1999 properties => {
2000 node => get_standard_option('pve-node'),
2001 vmid => get_standard_option('pve-vmid'),
2002 feature => {
2003 description => "Feature to check.",
2004 type => 'string',
2005 enum => [ 'snapshot', 'clone', 'copy' ],
2006 },
2007 snapname => get_standard_option('pve-snapshot-name', {
2008 optional => 1,
2009 }),
2010 },
2011 },
2012 returns => {
2013 type => "object",
2014 properties => {
2015 hasFeature => { type => 'boolean' },
2016 nodes => {
2017 type => 'array',
2018 items => { type => 'string' },
2019 }
2020 },
2021 },
2022 code => sub {
2023 my ($param) = @_;
2024
2025 my $node = extract_param($param, 'node');
2026
2027 my $vmid = extract_param($param, 'vmid');
2028
2029 my $snapname = extract_param($param, 'snapname');
2030
2031 my $feature = extract_param($param, 'feature');
2032
2033 my $running = PVE::QemuServer::check_running($vmid);
2034
2035 my $conf = PVE::QemuServer::load_config($vmid);
2036
2037 if($snapname){
2038 my $snap = $conf->{snapshots}->{$snapname};
2039 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2040 $conf = $snap;
2041 }
2042 my $storecfg = PVE::Storage::config();
2043
2044 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2045 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2046
2047 return {
2048 hasFeature => $hasFeature,
2049 nodes => [ keys %$nodelist ],
2050 };
2051 }});
2052
2053 __PACKAGE__->register_method({
2054 name => 'clone_vm',
2055 path => '{vmid}/clone',
2056 method => 'POST',
2057 protected => 1,
2058 proxyto => 'node',
2059 description => "Create a copy of virtual machine/template.",
2060 permissions => {
2061 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2062 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2063 "'Datastore.AllocateSpace' on any used storage.",
2064 check =>
2065 [ 'and',
2066 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2067 [ 'or',
2068 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2069 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2070 ],
2071 ]
2072 },
2073 parameters => {
2074 additionalProperties => 0,
2075 properties => {
2076 node => get_standard_option('pve-node'),
2077 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2078 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2079 name => {
2080 optional => 1,
2081 type => 'string', format => 'dns-name',
2082 description => "Set a name for the new VM.",
2083 },
2084 description => {
2085 optional => 1,
2086 type => 'string',
2087 description => "Description for the new VM.",
2088 },
2089 pool => {
2090 optional => 1,
2091 type => 'string', format => 'pve-poolid',
2092 description => "Add the new VM to the specified pool.",
2093 },
2094 snapname => get_standard_option('pve-snapshot-name', {
2095 optional => 1,
2096 }),
2097 storage => get_standard_option('pve-storage-id', {
2098 description => "Target storage for full clone.",
2099 requires => 'full',
2100 optional => 1,
2101 }),
2102 'format' => {
2103 description => "Target format for file storage.",
2104 requires => 'full',
2105 type => 'string',
2106 optional => 1,
2107 enum => [ 'raw', 'qcow2', 'vmdk'],
2108 },
2109 full => {
2110 optional => 1,
2111 type => 'boolean',
2112 description => "Create a full copy of all disk. This is always done when " .
2113 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2114 default => 0,
2115 },
2116 target => get_standard_option('pve-node', {
2117 description => "Target node. Only allowed if the original VM is on shared storage.",
2118 optional => 1,
2119 }),
2120 },
2121 },
2122 returns => {
2123 type => 'string',
2124 },
2125 code => sub {
2126 my ($param) = @_;
2127
2128 my $rpcenv = PVE::RPCEnvironment::get();
2129
2130 my $authuser = $rpcenv->get_user();
2131
2132 my $node = extract_param($param, 'node');
2133
2134 my $vmid = extract_param($param, 'vmid');
2135
2136 my $newid = extract_param($param, 'newid');
2137
2138 my $pool = extract_param($param, 'pool');
2139
2140 if (defined($pool)) {
2141 $rpcenv->check_pool_exist($pool);
2142 }
2143
2144 my $snapname = extract_param($param, 'snapname');
2145
2146 my $storage = extract_param($param, 'storage');
2147
2148 my $format = extract_param($param, 'format');
2149
2150 my $target = extract_param($param, 'target');
2151
2152 my $localnode = PVE::INotify::nodename();
2153
2154 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2155
2156 PVE::Cluster::check_node_exists($target) if $target;
2157
2158 my $storecfg = PVE::Storage::config();
2159
2160 if ($storage) {
2161 # check if storage is enabled on local node
2162 PVE::Storage::storage_check_enabled($storecfg, $storage);
2163 if ($target) {
2164 # check if storage is available on target node
2165 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2166 # clone only works if target storage is shared
2167 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2168 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2169 }
2170 }
2171
2172 PVE::Cluster::check_cfs_quorum();
2173
2174 my $running = PVE::QemuServer::check_running($vmid) || 0;
2175
2176 # exclusive lock if VM is running - else shared lock is enough;
2177 my $shared_lock = $running ? 0 : 1;
2178
2179 my $clonefn = sub {
2180
2181 # do all tests after lock
2182 # we also try to do all tests before we fork the worker
2183
2184 my $conf = PVE::QemuServer::load_config($vmid);
2185
2186 PVE::QemuServer::check_lock($conf);
2187
2188 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2189
2190 die "unexpected state change\n" if $verify_running != $running;
2191
2192 die "snapshot '$snapname' does not exist\n"
2193 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2194
2195 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2196
2197 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2198
2199 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2200
2201 my $conffile = PVE::QemuServer::config_file($newid);
2202
2203 die "unable to create VM $newid: config file already exists\n"
2204 if -f $conffile;
2205
2206 my $newconf = { lock => 'clone' };
2207 my $drives = {};
2208 my $fullclone = {};
2209 my $vollist = [];
2210
2211 foreach my $opt (keys %$oldconf) {
2212 my $value = $oldconf->{$opt};
2213
2214 # do not copy snapshot related info
2215 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2216 $opt eq 'vmstate' || $opt eq 'snapstate';
2217
2218 # no need to copy unused images, because VMID(owner) changes anyways
2219 next if $opt =~ m/^unused\d+$/;
2220
2221 # always change MAC! address
2222 if ($opt =~ m/^net(\d+)$/) {
2223 my $net = PVE::QemuServer::parse_net($value);
2224 $net->{macaddr} = PVE::Tools::random_ether_addr();
2225 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2226 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2227 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2228 die "unable to parse drive options for '$opt'\n" if !$drive;
2229 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2230 $newconf->{$opt} = $value; # simply copy configuration
2231 } else {
2232 if ($param->{full}) {
2233 die "Full clone feature is not available"
2234 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2235 $fullclone->{$opt} = 1;
2236 } else {
2237 # not full means clone instead of copy
2238 die "Linked clone feature is not available"
2239 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2240 }
2241 $drives->{$opt} = $drive;
2242 push @$vollist, $drive->{file};
2243 }
2244 } else {
2245 # copy everything else
2246 $newconf->{$opt} = $value;
2247 }
2248 }
2249
2250 # auto generate a new uuid
2251 my ($uuid, $uuid_str);
2252 UUID::generate($uuid);
2253 UUID::unparse($uuid, $uuid_str);
2254 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2255 $smbios1->{uuid} = $uuid_str;
2256 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2257
2258 delete $newconf->{template};
2259
2260 if ($param->{name}) {
2261 $newconf->{name} = $param->{name};
2262 } else {
2263 if ($oldconf->{name}) {
2264 $newconf->{name} = "Copy-of-$oldconf->{name}";
2265 } else {
2266 $newconf->{name} = "Copy-of-VM-$vmid";
2267 }
2268 }
2269
2270 if ($param->{description}) {
2271 $newconf->{description} = $param->{description};
2272 }
2273
2274 # create empty/temp config - this fails if VM already exists on other node
2275 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2276
2277 my $realcmd = sub {
2278 my $upid = shift;
2279
2280 my $newvollist = [];
2281
2282 eval {
2283 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2284
2285 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2286
2287 foreach my $opt (keys %$drives) {
2288 my $drive = $drives->{$opt};
2289
2290 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2291 $newid, $storage, $format, $fullclone->{$opt}, $newvollist);
2292
2293 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2294
2295 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2296 }
2297
2298 delete $newconf->{lock};
2299 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2300
2301 if ($target) {
2302 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2303 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname);
2304
2305 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2306 die "Failed to move config to node '$target' - rename failed: $!\n"
2307 if !rename($conffile, $newconffile);
2308 }
2309
2310 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2311 };
2312 if (my $err = $@) {
2313 unlink $conffile;
2314
2315 sleep 1; # some storage like rbd need to wait before release volume - really?
2316
2317 foreach my $volid (@$newvollist) {
2318 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2319 warn $@ if $@;
2320 }
2321 die "clone failed: $err";
2322 }
2323
2324 return;
2325 };
2326
2327 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2328
2329 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2330 };
2331
2332 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2333 # Aquire exclusive lock lock for $newid
2334 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2335 });
2336
2337 }});
2338
2339 __PACKAGE__->register_method({
2340 name => 'move_vm_disk',
2341 path => '{vmid}/move_disk',
2342 method => 'POST',
2343 protected => 1,
2344 proxyto => 'node',
2345 description => "Move volume to different storage.",
2346 permissions => {
2347 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2348 "and 'Datastore.AllocateSpace' permissions on the storage.",
2349 check =>
2350 [ 'and',
2351 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2352 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2353 ],
2354 },
2355 parameters => {
2356 additionalProperties => 0,
2357 properties => {
2358 node => get_standard_option('pve-node'),
2359 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2360 disk => {
2361 type => 'string',
2362 description => "The disk you want to move.",
2363 enum => [ PVE::QemuServer::disknames() ],
2364 },
2365 storage => get_standard_option('pve-storage-id', {
2366 description => "Target storage.",
2367 completion => \&PVE::QemuServer::complete_storage,
2368 }),
2369 'format' => {
2370 type => 'string',
2371 description => "Target Format.",
2372 enum => [ 'raw', 'qcow2', 'vmdk' ],
2373 optional => 1,
2374 },
2375 delete => {
2376 type => 'boolean',
2377 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2378 optional => 1,
2379 default => 0,
2380 },
2381 digest => {
2382 type => 'string',
2383 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2384 maxLength => 40,
2385 optional => 1,
2386 },
2387 },
2388 },
2389 returns => {
2390 type => 'string',
2391 description => "the task ID.",
2392 },
2393 code => sub {
2394 my ($param) = @_;
2395
2396 my $rpcenv = PVE::RPCEnvironment::get();
2397
2398 my $authuser = $rpcenv->get_user();
2399
2400 my $node = extract_param($param, 'node');
2401
2402 my $vmid = extract_param($param, 'vmid');
2403
2404 my $digest = extract_param($param, 'digest');
2405
2406 my $disk = extract_param($param, 'disk');
2407
2408 my $storeid = extract_param($param, 'storage');
2409
2410 my $format = extract_param($param, 'format');
2411
2412 my $storecfg = PVE::Storage::config();
2413
2414 my $updatefn = sub {
2415
2416 my $conf = PVE::QemuServer::load_config($vmid);
2417
2418 die "checksum missmatch (file change by other user?)\n"
2419 if $digest && $digest ne $conf->{digest};
2420
2421 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2422
2423 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2424
2425 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2426
2427 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2428
2429 my $oldfmt;
2430 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2431 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2432 $oldfmt = $1;
2433 }
2434
2435 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2436 (!$format || !$oldfmt || $oldfmt eq $format);
2437
2438 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2439
2440 my $running = PVE::QemuServer::check_running($vmid);
2441
2442 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2443
2444 my $realcmd = sub {
2445
2446 my $newvollist = [];
2447
2448 eval {
2449 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2450
2451 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2452 $vmid, $storeid, $format, 1, $newvollist);
2453
2454 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2455
2456 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2457
2458 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2459
2460 eval {
2461 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2462 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2463 if !$running;
2464 };
2465 warn $@ if $@;
2466 };
2467 if (my $err = $@) {
2468
2469 foreach my $volid (@$newvollist) {
2470 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2471 warn $@ if $@;
2472 }
2473 die "storage migration failed: $err";
2474 }
2475
2476 if ($param->{delete}) {
2477 if (PVE::QemuServer::is_volume_in_use($storecfg, $conf, undef, $old_volid)) {
2478 warn "volume $old_volid still has snapshots, can't delete it\n";
2479 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2480 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2481 } else {
2482 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2483 warn $@ if $@;
2484 }
2485 }
2486 };
2487
2488 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2489 };
2490
2491 return PVE::QemuServer::lock_config($vmid, $updatefn);
2492 }});
2493
2494 __PACKAGE__->register_method({
2495 name => 'migrate_vm',
2496 path => '{vmid}/migrate',
2497 method => 'POST',
2498 protected => 1,
2499 proxyto => 'node',
2500 description => "Migrate virtual machine. Creates a new migration task.",
2501 permissions => {
2502 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2503 },
2504 parameters => {
2505 additionalProperties => 0,
2506 properties => {
2507 node => get_standard_option('pve-node'),
2508 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2509 target => get_standard_option('pve-node', {
2510 description => "Target node.",
2511 completion => \&PVE::Cluster::complete_migration_target,
2512 }),
2513 online => {
2514 type => 'boolean',
2515 description => "Use online/live migration.",
2516 optional => 1,
2517 },
2518 force => {
2519 type => 'boolean',
2520 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2521 optional => 1,
2522 },
2523 },
2524 },
2525 returns => {
2526 type => 'string',
2527 description => "the task ID.",
2528 },
2529 code => sub {
2530 my ($param) = @_;
2531
2532 my $rpcenv = PVE::RPCEnvironment::get();
2533
2534 my $authuser = $rpcenv->get_user();
2535
2536 my $target = extract_param($param, 'target');
2537
2538 my $localnode = PVE::INotify::nodename();
2539 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2540
2541 PVE::Cluster::check_cfs_quorum();
2542
2543 PVE::Cluster::check_node_exists($target);
2544
2545 my $targetip = PVE::Cluster::remote_node_ip($target);
2546
2547 my $vmid = extract_param($param, 'vmid');
2548
2549 raise_param_exc({ force => "Only root may use this option." })
2550 if $param->{force} && $authuser ne 'root@pam';
2551
2552 # test if VM exists
2553 my $conf = PVE::QemuServer::load_config($vmid);
2554
2555 # try to detect errors early
2556
2557 PVE::QemuServer::check_lock($conf);
2558
2559 if (PVE::QemuServer::check_running($vmid)) {
2560 die "cant migrate running VM without --online\n"
2561 if !$param->{online};
2562 }
2563
2564 my $storecfg = PVE::Storage::config();
2565 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2566
2567 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2568
2569 my $hacmd = sub {
2570 my $upid = shift;
2571
2572 my $service = "vm:$vmid";
2573
2574 my $cmd = ['ha-manager', 'migrate', $service, $target];
2575
2576 print "Executing HA migrate for VM $vmid to node $target\n";
2577
2578 PVE::Tools::run_command($cmd);
2579
2580 return;
2581 };
2582
2583 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2584
2585 } else {
2586
2587 my $realcmd = sub {
2588 my $upid = shift;
2589
2590 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2591 };
2592
2593 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2594 }
2595
2596 }});
2597
2598 __PACKAGE__->register_method({
2599 name => 'monitor',
2600 path => '{vmid}/monitor',
2601 method => 'POST',
2602 protected => 1,
2603 proxyto => 'node',
2604 description => "Execute Qemu monitor commands.",
2605 permissions => {
2606 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2607 },
2608 parameters => {
2609 additionalProperties => 0,
2610 properties => {
2611 node => get_standard_option('pve-node'),
2612 vmid => get_standard_option('pve-vmid'),
2613 command => {
2614 type => 'string',
2615 description => "The monitor command.",
2616 }
2617 },
2618 },
2619 returns => { type => 'string'},
2620 code => sub {
2621 my ($param) = @_;
2622
2623 my $vmid = $param->{vmid};
2624
2625 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2626
2627 my $res = '';
2628 eval {
2629 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2630 };
2631 $res = "ERROR: $@" if $@;
2632
2633 return $res;
2634 }});
2635
2636 __PACKAGE__->register_method({
2637 name => 'resize_vm',
2638 path => '{vmid}/resize',
2639 method => 'PUT',
2640 protected => 1,
2641 proxyto => 'node',
2642 description => "Extend volume size.",
2643 permissions => {
2644 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2645 },
2646 parameters => {
2647 additionalProperties => 0,
2648 properties => {
2649 node => get_standard_option('pve-node'),
2650 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2651 skiplock => get_standard_option('skiplock'),
2652 disk => {
2653 type => 'string',
2654 description => "The disk you want to resize.",
2655 enum => [PVE::QemuServer::disknames()],
2656 },
2657 size => {
2658 type => 'string',
2659 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2660 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2661 },
2662 digest => {
2663 type => 'string',
2664 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2665 maxLength => 40,
2666 optional => 1,
2667 },
2668 },
2669 },
2670 returns => { type => 'null'},
2671 code => sub {
2672 my ($param) = @_;
2673
2674 my $rpcenv = PVE::RPCEnvironment::get();
2675
2676 my $authuser = $rpcenv->get_user();
2677
2678 my $node = extract_param($param, 'node');
2679
2680 my $vmid = extract_param($param, 'vmid');
2681
2682 my $digest = extract_param($param, 'digest');
2683
2684 my $disk = extract_param($param, 'disk');
2685
2686 my $sizestr = extract_param($param, 'size');
2687
2688 my $skiplock = extract_param($param, 'skiplock');
2689 raise_param_exc({ skiplock => "Only root may use this option." })
2690 if $skiplock && $authuser ne 'root@pam';
2691
2692 my $storecfg = PVE::Storage::config();
2693
2694 my $updatefn = sub {
2695
2696 my $conf = PVE::QemuServer::load_config($vmid);
2697
2698 die "checksum missmatch (file change by other user?)\n"
2699 if $digest && $digest ne $conf->{digest};
2700 PVE::QemuServer::check_lock($conf) if !$skiplock;
2701
2702 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2703
2704 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2705
2706 my (undef, undef, undef, undef, undef, undef, $format) =
2707 PVE::Storage::parse_volname($storecfg, $drive->{file});
2708
2709 die "can't resize volume: $disk if snapshot exists\n"
2710 if %{$conf->{snapshots}} && $format eq 'qcow2';
2711
2712 my $volid = $drive->{file};
2713
2714 die "disk '$disk' has no associated volume\n" if !$volid;
2715
2716 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2717
2718 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2719
2720 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2721
2722 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2723
2724 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2725 my ($ext, $newsize, $unit) = ($1, $2, $4);
2726 if ($unit) {
2727 if ($unit eq 'K') {
2728 $newsize = $newsize * 1024;
2729 } elsif ($unit eq 'M') {
2730 $newsize = $newsize * 1024 * 1024;
2731 } elsif ($unit eq 'G') {
2732 $newsize = $newsize * 1024 * 1024 * 1024;
2733 } elsif ($unit eq 'T') {
2734 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2735 }
2736 }
2737 $newsize += $size if $ext;
2738 $newsize = int($newsize);
2739
2740 die "unable to skrink disk size\n" if $newsize < $size;
2741
2742 return if $size == $newsize;
2743
2744 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2745
2746 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2747
2748 $drive->{size} = $newsize;
2749 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2750
2751 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2752 };
2753
2754 PVE::QemuServer::lock_config($vmid, $updatefn);
2755 return undef;
2756 }});
2757
2758 __PACKAGE__->register_method({
2759 name => 'snapshot_list',
2760 path => '{vmid}/snapshot',
2761 method => 'GET',
2762 description => "List all snapshots.",
2763 permissions => {
2764 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2765 },
2766 proxyto => 'node',
2767 protected => 1, # qemu pid files are only readable by root
2768 parameters => {
2769 additionalProperties => 0,
2770 properties => {
2771 vmid => get_standard_option('pve-vmid'),
2772 node => get_standard_option('pve-node'),
2773 },
2774 },
2775 returns => {
2776 type => 'array',
2777 items => {
2778 type => "object",
2779 properties => {},
2780 },
2781 links => [ { rel => 'child', href => "{name}" } ],
2782 },
2783 code => sub {
2784 my ($param) = @_;
2785
2786 my $vmid = $param->{vmid};
2787
2788 my $conf = PVE::QemuServer::load_config($vmid);
2789 my $snaphash = $conf->{snapshots} || {};
2790
2791 my $res = [];
2792
2793 foreach my $name (keys %$snaphash) {
2794 my $d = $snaphash->{$name};
2795 my $item = {
2796 name => $name,
2797 snaptime => $d->{snaptime} || 0,
2798 vmstate => $d->{vmstate} ? 1 : 0,
2799 description => $d->{description} || '',
2800 };
2801 $item->{parent} = $d->{parent} if $d->{parent};
2802 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2803 push @$res, $item;
2804 }
2805
2806 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2807 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2808 $current->{parent} = $conf->{parent} if $conf->{parent};
2809
2810 push @$res, $current;
2811
2812 return $res;
2813 }});
2814
2815 __PACKAGE__->register_method({
2816 name => 'snapshot',
2817 path => '{vmid}/snapshot',
2818 method => 'POST',
2819 protected => 1,
2820 proxyto => 'node',
2821 description => "Snapshot a VM.",
2822 permissions => {
2823 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2824 },
2825 parameters => {
2826 additionalProperties => 0,
2827 properties => {
2828 node => get_standard_option('pve-node'),
2829 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2830 snapname => get_standard_option('pve-snapshot-name'),
2831 vmstate => {
2832 optional => 1,
2833 type => 'boolean',
2834 description => "Save the vmstate",
2835 },
2836 description => {
2837 optional => 1,
2838 type => 'string',
2839 description => "A textual description or comment.",
2840 },
2841 },
2842 },
2843 returns => {
2844 type => 'string',
2845 description => "the task ID.",
2846 },
2847 code => sub {
2848 my ($param) = @_;
2849
2850 my $rpcenv = PVE::RPCEnvironment::get();
2851
2852 my $authuser = $rpcenv->get_user();
2853
2854 my $node = extract_param($param, 'node');
2855
2856 my $vmid = extract_param($param, 'vmid');
2857
2858 my $snapname = extract_param($param, 'snapname');
2859
2860 die "unable to use snapshot name 'current' (reserved name)\n"
2861 if $snapname eq 'current';
2862
2863 my $realcmd = sub {
2864 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2865 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2866 $param->{description});
2867 };
2868
2869 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2870 }});
2871
2872 __PACKAGE__->register_method({
2873 name => 'snapshot_cmd_idx',
2874 path => '{vmid}/snapshot/{snapname}',
2875 description => '',
2876 method => 'GET',
2877 permissions => {
2878 user => 'all',
2879 },
2880 parameters => {
2881 additionalProperties => 0,
2882 properties => {
2883 vmid => get_standard_option('pve-vmid'),
2884 node => get_standard_option('pve-node'),
2885 snapname => get_standard_option('pve-snapshot-name'),
2886 },
2887 },
2888 returns => {
2889 type => 'array',
2890 items => {
2891 type => "object",
2892 properties => {},
2893 },
2894 links => [ { rel => 'child', href => "{cmd}" } ],
2895 },
2896 code => sub {
2897 my ($param) = @_;
2898
2899 my $res = [];
2900
2901 push @$res, { cmd => 'rollback' };
2902 push @$res, { cmd => 'config' };
2903
2904 return $res;
2905 }});
2906
2907 __PACKAGE__->register_method({
2908 name => 'update_snapshot_config',
2909 path => '{vmid}/snapshot/{snapname}/config',
2910 method => 'PUT',
2911 protected => 1,
2912 proxyto => 'node',
2913 description => "Update snapshot metadata.",
2914 permissions => {
2915 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2916 },
2917 parameters => {
2918 additionalProperties => 0,
2919 properties => {
2920 node => get_standard_option('pve-node'),
2921 vmid => get_standard_option('pve-vmid'),
2922 snapname => get_standard_option('pve-snapshot-name'),
2923 description => {
2924 optional => 1,
2925 type => 'string',
2926 description => "A textual description or comment.",
2927 },
2928 },
2929 },
2930 returns => { type => 'null' },
2931 code => sub {
2932 my ($param) = @_;
2933
2934 my $rpcenv = PVE::RPCEnvironment::get();
2935
2936 my $authuser = $rpcenv->get_user();
2937
2938 my $vmid = extract_param($param, 'vmid');
2939
2940 my $snapname = extract_param($param, 'snapname');
2941
2942 return undef if !defined($param->{description});
2943
2944 my $updatefn = sub {
2945
2946 my $conf = PVE::QemuServer::load_config($vmid);
2947
2948 PVE::QemuServer::check_lock($conf);
2949
2950 my $snap = $conf->{snapshots}->{$snapname};
2951
2952 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2953
2954 $snap->{description} = $param->{description} if defined($param->{description});
2955
2956 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2957 };
2958
2959 PVE::QemuServer::lock_config($vmid, $updatefn);
2960
2961 return undef;
2962 }});
2963
2964 __PACKAGE__->register_method({
2965 name => 'get_snapshot_config',
2966 path => '{vmid}/snapshot/{snapname}/config',
2967 method => 'GET',
2968 proxyto => 'node',
2969 description => "Get snapshot configuration",
2970 permissions => {
2971 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2972 },
2973 parameters => {
2974 additionalProperties => 0,
2975 properties => {
2976 node => get_standard_option('pve-node'),
2977 vmid => get_standard_option('pve-vmid'),
2978 snapname => get_standard_option('pve-snapshot-name'),
2979 },
2980 },
2981 returns => { type => "object" },
2982 code => sub {
2983 my ($param) = @_;
2984
2985 my $rpcenv = PVE::RPCEnvironment::get();
2986
2987 my $authuser = $rpcenv->get_user();
2988
2989 my $vmid = extract_param($param, 'vmid');
2990
2991 my $snapname = extract_param($param, 'snapname');
2992
2993 my $conf = PVE::QemuServer::load_config($vmid);
2994
2995 my $snap = $conf->{snapshots}->{$snapname};
2996
2997 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2998
2999 return $snap;
3000 }});
3001
3002 __PACKAGE__->register_method({
3003 name => 'rollback',
3004 path => '{vmid}/snapshot/{snapname}/rollback',
3005 method => 'POST',
3006 protected => 1,
3007 proxyto => 'node',
3008 description => "Rollback VM state to specified snapshot.",
3009 permissions => {
3010 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3011 },
3012 parameters => {
3013 additionalProperties => 0,
3014 properties => {
3015 node => get_standard_option('pve-node'),
3016 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3017 snapname => get_standard_option('pve-snapshot-name'),
3018 },
3019 },
3020 returns => {
3021 type => 'string',
3022 description => "the task ID.",
3023 },
3024 code => sub {
3025 my ($param) = @_;
3026
3027 my $rpcenv = PVE::RPCEnvironment::get();
3028
3029 my $authuser = $rpcenv->get_user();
3030
3031 my $node = extract_param($param, 'node');
3032
3033 my $vmid = extract_param($param, 'vmid');
3034
3035 my $snapname = extract_param($param, 'snapname');
3036
3037 my $realcmd = sub {
3038 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3039 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3040 };
3041
3042 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3043 }});
3044
3045 __PACKAGE__->register_method({
3046 name => 'delsnapshot',
3047 path => '{vmid}/snapshot/{snapname}',
3048 method => 'DELETE',
3049 protected => 1,
3050 proxyto => 'node',
3051 description => "Delete a VM snapshot.",
3052 permissions => {
3053 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3054 },
3055 parameters => {
3056 additionalProperties => 0,
3057 properties => {
3058 node => get_standard_option('pve-node'),
3059 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3060 snapname => get_standard_option('pve-snapshot-name'),
3061 force => {
3062 optional => 1,
3063 type => 'boolean',
3064 description => "For removal from config file, even if removing disk snapshots fails.",
3065 },
3066 },
3067 },
3068 returns => {
3069 type => 'string',
3070 description => "the task ID.",
3071 },
3072 code => sub {
3073 my ($param) = @_;
3074
3075 my $rpcenv = PVE::RPCEnvironment::get();
3076
3077 my $authuser = $rpcenv->get_user();
3078
3079 my $node = extract_param($param, 'node');
3080
3081 my $vmid = extract_param($param, 'vmid');
3082
3083 my $snapname = extract_param($param, 'snapname');
3084
3085 my $realcmd = sub {
3086 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3087 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3088 };
3089
3090 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3091 }});
3092
3093 __PACKAGE__->register_method({
3094 name => 'template',
3095 path => '{vmid}/template',
3096 method => 'POST',
3097 protected => 1,
3098 proxyto => 'node',
3099 description => "Create a Template.",
3100 permissions => {
3101 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3102 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3103 },
3104 parameters => {
3105 additionalProperties => 0,
3106 properties => {
3107 node => get_standard_option('pve-node'),
3108 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3109 disk => {
3110 optional => 1,
3111 type => 'string',
3112 description => "If you want to convert only 1 disk to base image.",
3113 enum => [PVE::QemuServer::disknames()],
3114 },
3115
3116 },
3117 },
3118 returns => { type => 'null'},
3119 code => sub {
3120 my ($param) = @_;
3121
3122 my $rpcenv = PVE::RPCEnvironment::get();
3123
3124 my $authuser = $rpcenv->get_user();
3125
3126 my $node = extract_param($param, 'node');
3127
3128 my $vmid = extract_param($param, 'vmid');
3129
3130 my $disk = extract_param($param, 'disk');
3131
3132 my $updatefn = sub {
3133
3134 my $conf = PVE::QemuServer::load_config($vmid);
3135
3136 PVE::QemuServer::check_lock($conf);
3137
3138 die "unable to create template, because VM contains snapshots\n"
3139 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3140
3141 die "you can't convert a template to a template\n"
3142 if PVE::QemuServer::is_template($conf) && !$disk;
3143
3144 die "you can't convert a VM to template if VM is running\n"
3145 if PVE::QemuServer::check_running($vmid);
3146
3147 my $realcmd = sub {
3148 PVE::QemuServer::template_create($vmid, $conf, $disk);
3149 };
3150
3151 $conf->{template} = 1;
3152 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3153
3154 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3155 };
3156
3157 PVE::QemuServer::lock_config($vmid, $updatefn);
3158 return undef;
3159 }});
3160
3161 1;
Virtual Machine Manager