]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
copy efivars disk on create
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuConfig;
17 use PVE::QemuServer;
18 use PVE::QemuMigrate;
19 use PVE::RPCEnvironment;
20 use PVE::AccessControl;
21 use PVE::INotify;
22 use PVE::Network;
23 use PVE::Firewall;
24 use PVE::API2::Firewall::VM;
25 use PVE::HA::Env::PVE2;
26 use PVE::HA::Config;
27
28 use Data::Dumper; # fixme: remove
29
30 use base qw(PVE::RESTHandler);
31
32 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
33
34 my $resolve_cdrom_alias = sub {
35 my $param = shift;
36
37 if (my $value = $param->{cdrom}) {
38 $value .= ",media=cdrom" if $value !~ m/media=/;
39 $param->{ide2} = $value;
40 delete $param->{cdrom};
41 }
42 };
43
44 my $check_storage_access = sub {
45 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
46
47 PVE::QemuServer::foreach_drive($settings, sub {
48 my ($ds, $drive) = @_;
49
50 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
51
52 my $volid = $drive->{file};
53
54 if (!$volid || $volid eq 'none') {
55 # nothing to check
56 } elsif ($isCDROM && ($volid eq 'cdrom')) {
57 $rpcenv->check($authuser, "/", ['Sys.Console']);
58 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
59 my ($storeid, $size) = ($2 || $default_storage, $3);
60 die "no storage ID specified (and no default storage)\n" if !$storeid;
61 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
62 } else {
63 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
64 }
65 });
66 };
67
68 my $check_storage_access_clone = sub {
69 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
70
71 my $sharedvm = 1;
72
73 PVE::QemuServer::foreach_drive($conf, sub {
74 my ($ds, $drive) = @_;
75
76 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
77
78 my $volid = $drive->{file};
79
80 return if !$volid || $volid eq 'none';
81
82 if ($isCDROM) {
83 if ($volid eq 'cdrom') {
84 $rpcenv->check($authuser, "/", ['Sys.Console']);
85 } else {
86 # we simply allow access
87 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
88 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
89 $sharedvm = 0 if !$scfg->{shared};
90
91 }
92 } else {
93 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
94 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
95 $sharedvm = 0 if !$scfg->{shared};
96
97 $sid = $storage if $storage;
98 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
99 }
100 });
101
102 return $sharedvm;
103 };
104
105 # Note: $pool is only needed when creating a VM, because pool permissions
106 # are automatically inherited if VM already exists inside a pool.
107 my $create_disks = sub {
108 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
109
110 my $vollist = [];
111
112 my $res = {};
113 PVE::QemuServer::foreach_drive($settings, sub {
114 my ($ds, $disk) = @_;
115
116 my $volid = $disk->{file};
117
118 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
119 delete $disk->{size};
120 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
121 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
122 my ($storeid, $size) = ($2 || $default_storage, $3);
123 die "no storage ID specified (and no default storage)\n" if !$storeid;
124 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
125 my $fmt = $disk->{format} || $defformat;
126
127 my $volid;
128 if ($ds eq 'efidisk0') {
129 # handle efidisk
130 my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd';
131 die "uefi vars image not found\n" if ! -f $ovmfvars;
132 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
133 $fmt, undef, 128);
134 $disk->{file} = $volid;
135 $disk->{size} = 128*1024;
136 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
137 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
138 my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname);
139 my $path = PVE::Storage::path($storecfg, $volid);
140 my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-f', 'raw', '-O', $qemufmt];
141 push @$efidiskcmd, $ovmfvars;
142 push @$efidiskcmd, $path;
143 eval { PVE::Tools::run_command($efidiskcmd); };
144 my $err = $@;
145 die "Copying of EFI Vars image failed: $err" if $err;
146 } else {
147 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
148 $fmt, undef, $size*1024*1024);
149 $disk->{file} = $volid;
150 $disk->{size} = $size*1024*1024*1024;
151 }
152 push @$vollist, $volid;
153 delete $disk->{format}; # no longer needed
154 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
155 } else {
156
157 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
158
159 my $volid_is_new = 1;
160
161 if ($conf->{$ds}) {
162 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
163 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
164 }
165
166 if ($volid_is_new) {
167
168 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
169
170 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
171
172 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
173
174 die "volume $volid does not exists\n" if !$size;
175
176 $disk->{size} = $size;
177 }
178
179 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
180 }
181 });
182
183 # free allocated images on error
184 if (my $err = $@) {
185 syslog('err', "VM $vmid creating disks failed");
186 foreach my $volid (@$vollist) {
187 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
188 warn $@ if $@;
189 }
190 die $err;
191 }
192
193 # modify vm config if everything went well
194 foreach my $ds (keys %$res) {
195 $conf->{$ds} = $res->{$ds};
196 }
197
198 return $vollist;
199 };
200
201 my $cpuoptions = {
202 'cores' => 1,
203 'cpu' => 1,
204 'cpulimit' => 1,
205 'cpuunits' => 1,
206 'numa' => 1,
207 'smp' => 1,
208 'sockets' => 1,
209 'vcpus' => 1,
210 };
211
212 my $memoryoptions = {
213 'memory' => 1,
214 'balloon' => 1,
215 'shares' => 1,
216 };
217
218 my $hwtypeoptions = {
219 'acpi' => 1,
220 'hotplug' => 1,
221 'kvm' => 1,
222 'machine' => 1,
223 'scsihw' => 1,
224 'smbios1' => 1,
225 'tablet' => 1,
226 'vga' => 1,
227 'watchdog' => 1,
228 };
229
230 my $generaloptions = {
231 'agent' => 1,
232 'autostart' => 1,
233 'bios' => 1,
234 'description' => 1,
235 'keyboard' => 1,
236 'localtime' => 1,
237 'migrate_downtime' => 1,
238 'migrate_speed' => 1,
239 'name' => 1,
240 'onboot' => 1,
241 'ostype' => 1,
242 'protection' => 1,
243 'reboot' => 1,
244 'startdate' => 1,
245 'startup' => 1,
246 'tdf' => 1,
247 'template' => 1,
248 };
249
250 my $vmpoweroptions = {
251 'freeze' => 1,
252 };
253
254 my $diskoptions = {
255 'boot' => 1,
256 'bootdisk' => 1,
257 };
258
259 my $check_vm_modify_config_perm = sub {
260 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
261
262 return 1 if $authuser eq 'root@pam';
263
264 foreach my $opt (@$key_list) {
265 # disk checks need to be done somewhere else
266 next if PVE::QemuServer::is_valid_drivename($opt);
267 next if $opt eq 'cdrom';
268 next if $opt =~ m/^unused\d+$/;
269
270 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
271 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
272 } elsif ($memoryoptions->{$opt}) {
273 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
274 } elsif ($hwtypeoptions->{$opt}) {
275 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
276 } elsif ($generaloptions->{$opt}) {
277 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
278 # special case for startup since it changes host behaviour
279 if ($opt eq 'startup') {
280 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
281 }
282 } elsif ($vmpoweroptions->{$opt}) {
283 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
284 } elsif ($diskoptions->{$opt}) {
285 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
286 } elsif ($opt =~ m/^net\d+$/) {
287 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
288 } else {
289 # catches usb\d+, hostpci\d+, args, lock, etc.
290 # new options will be checked here
291 die "only root can set '$opt' config\n";
292 }
293 }
294
295 return 1;
296 };
297
298 __PACKAGE__->register_method({
299 name => 'vmlist',
300 path => '',
301 method => 'GET',
302 description => "Virtual machine index (per node).",
303 permissions => {
304 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
305 user => 'all',
306 },
307 proxyto => 'node',
308 protected => 1, # qemu pid files are only readable by root
309 parameters => {
310 additionalProperties => 0,
311 properties => {
312 node => get_standard_option('pve-node'),
313 full => {
314 type => 'boolean',
315 optional => 1,
316 description => "Determine the full status of active VMs.",
317 },
318 },
319 },
320 returns => {
321 type => 'array',
322 items => {
323 type => "object",
324 properties => {},
325 },
326 links => [ { rel => 'child', href => "{vmid}" } ],
327 },
328 code => sub {
329 my ($param) = @_;
330
331 my $rpcenv = PVE::RPCEnvironment::get();
332 my $authuser = $rpcenv->get_user();
333
334 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
335
336 my $res = [];
337 foreach my $vmid (keys %$vmstatus) {
338 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
339
340 my $data = $vmstatus->{$vmid};
341 $data->{vmid} = int($vmid);
342 push @$res, $data;
343 }
344
345 return $res;
346 }});
347
348
349
350 __PACKAGE__->register_method({
351 name => 'create_vm',
352 path => '',
353 method => 'POST',
354 description => "Create or restore a virtual machine.",
355 permissions => {
356 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
357 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
358 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
359 user => 'all', # check inside
360 },
361 protected => 1,
362 proxyto => 'node',
363 parameters => {
364 additionalProperties => 0,
365 properties => PVE::QemuServer::json_config_properties(
366 {
367 node => get_standard_option('pve-node'),
368 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
369 archive => {
370 description => "The backup file.",
371 type => 'string',
372 optional => 1,
373 maxLength => 255,
374 completion => \&PVE::QemuServer::complete_backup_archives,
375 },
376 storage => get_standard_option('pve-storage-id', {
377 description => "Default storage.",
378 optional => 1,
379 completion => \&PVE::QemuServer::complete_storage,
380 }),
381 force => {
382 optional => 1,
383 type => 'boolean',
384 description => "Allow to overwrite existing VM.",
385 requires => 'archive',
386 },
387 unique => {
388 optional => 1,
389 type => 'boolean',
390 description => "Assign a unique random ethernet address.",
391 requires => 'archive',
392 },
393 pool => {
394 optional => 1,
395 type => 'string', format => 'pve-poolid',
396 description => "Add the VM to the specified pool.",
397 },
398 }),
399 },
400 returns => {
401 type => 'string',
402 },
403 code => sub {
404 my ($param) = @_;
405
406 my $rpcenv = PVE::RPCEnvironment::get();
407
408 my $authuser = $rpcenv->get_user();
409
410 my $node = extract_param($param, 'node');
411
412 my $vmid = extract_param($param, 'vmid');
413
414 my $archive = extract_param($param, 'archive');
415
416 my $storage = extract_param($param, 'storage');
417
418 my $force = extract_param($param, 'force');
419
420 my $unique = extract_param($param, 'unique');
421
422 my $pool = extract_param($param, 'pool');
423
424 my $filename = PVE::QemuConfig->config_file($vmid);
425
426 my $storecfg = PVE::Storage::config();
427
428 PVE::Cluster::check_cfs_quorum();
429
430 if (defined($pool)) {
431 $rpcenv->check_pool_exist($pool);
432 }
433
434 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
435 if defined($storage);
436
437 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
438 # OK
439 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
440 # OK
441 } elsif ($archive && $force && (-f $filename) &&
442 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
443 # OK: user has VM.Backup permissions, and want to restore an existing VM
444 } else {
445 raise_perm_exc();
446 }
447
448 if (!$archive) {
449 &$resolve_cdrom_alias($param);
450
451 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
452
453 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
454
455 foreach my $opt (keys %$param) {
456 if (PVE::QemuServer::is_valid_drivename($opt)) {
457 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
458 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
459
460 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
461 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
462 }
463 }
464
465 PVE::QemuServer::add_random_macs($param);
466 } else {
467 my $keystr = join(' ', keys %$param);
468 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
469
470 if ($archive eq '-') {
471 die "pipe requires cli environment\n"
472 if $rpcenv->{type} ne 'cli';
473 } else {
474 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
475 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
476 }
477 }
478
479 my $restorefn = sub {
480 my $vmlist = PVE::Cluster::get_vmlist();
481 if ($vmlist->{ids}->{$vmid}) {
482 my $current_node = $vmlist->{ids}->{$vmid}->{node};
483 if ($current_node eq $node) {
484 my $conf = PVE::QemuConfig->load_config($vmid);
485
486 PVE::QemuConfig->check_protection($conf, "unable to restore VM $vmid");
487
488 die "unable to restore vm $vmid - config file already exists\n"
489 if !$force;
490
491 die "unable to restore vm $vmid - vm is running\n"
492 if PVE::QemuServer::check_running($vmid);
493 } else {
494 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
495 }
496 }
497
498 my $realcmd = sub {
499 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
500 storage => $storage,
501 pool => $pool,
502 unique => $unique });
503
504 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
505 };
506
507 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
508 };
509
510 my $createfn = sub {
511
512 # test after locking
513 PVE::Cluster::check_vmid_unused($vmid);
514
515 my $realcmd = sub {
516
517 my $vollist = [];
518
519 my $conf = $param;
520
521 eval {
522
523 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
524
525 # try to be smart about bootdisk
526 my @disks = PVE::QemuServer::valid_drive_names();
527 my $firstdisk;
528 foreach my $ds (reverse @disks) {
529 next if !$conf->{$ds};
530 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
531 next if PVE::QemuServer::drive_is_cdrom($disk);
532 $firstdisk = $ds;
533 }
534
535 if (!$conf->{bootdisk} && $firstdisk) {
536 $conf->{bootdisk} = $firstdisk;
537 }
538
539 # auto generate uuid if user did not specify smbios1 option
540 if (!$conf->{smbios1}) {
541 my ($uuid, $uuid_str);
542 UUID::generate($uuid);
543 UUID::unparse($uuid, $uuid_str);
544 $conf->{smbios1} = "uuid=$uuid_str";
545 }
546
547 PVE::QemuConfig->write_config($vmid, $conf);
548
549 };
550 my $err = $@;
551
552 if ($err) {
553 foreach my $volid (@$vollist) {
554 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
555 warn $@ if $@;
556 }
557 die "create failed - $err";
558 }
559
560 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
561 };
562
563 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
564 };
565
566 return PVE::QemuConfig->lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
567 }});
568
569 __PACKAGE__->register_method({
570 name => 'vmdiridx',
571 path => '{vmid}',
572 method => 'GET',
573 proxyto => 'node',
574 description => "Directory index",
575 permissions => {
576 user => 'all',
577 },
578 parameters => {
579 additionalProperties => 0,
580 properties => {
581 node => get_standard_option('pve-node'),
582 vmid => get_standard_option('pve-vmid'),
583 },
584 },
585 returns => {
586 type => 'array',
587 items => {
588 type => "object",
589 properties => {
590 subdir => { type => 'string' },
591 },
592 },
593 links => [ { rel => 'child', href => "{subdir}" } ],
594 },
595 code => sub {
596 my ($param) = @_;
597
598 my $res = [
599 { subdir => 'config' },
600 { subdir => 'pending' },
601 { subdir => 'status' },
602 { subdir => 'unlink' },
603 { subdir => 'vncproxy' },
604 { subdir => 'migrate' },
605 { subdir => 'resize' },
606 { subdir => 'move' },
607 { subdir => 'rrd' },
608 { subdir => 'rrddata' },
609 { subdir => 'monitor' },
610 { subdir => 'snapshot' },
611 { subdir => 'spiceproxy' },
612 { subdir => 'sendkey' },
613 { subdir => 'firewall' },
614 ];
615
616 return $res;
617 }});
618
619 __PACKAGE__->register_method ({
620 subclass => "PVE::API2::Firewall::VM",
621 path => '{vmid}/firewall',
622 });
623
624 __PACKAGE__->register_method({
625 name => 'rrd',
626 path => '{vmid}/rrd',
627 method => 'GET',
628 protected => 1, # fixme: can we avoid that?
629 permissions => {
630 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
631 },
632 description => "Read VM RRD statistics (returns PNG)",
633 parameters => {
634 additionalProperties => 0,
635 properties => {
636 node => get_standard_option('pve-node'),
637 vmid => get_standard_option('pve-vmid'),
638 timeframe => {
639 description => "Specify the time frame you are interested in.",
640 type => 'string',
641 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
642 },
643 ds => {
644 description => "The list of datasources you want to display.",
645 type => 'string', format => 'pve-configid-list',
646 },
647 cf => {
648 description => "The RRD consolidation function",
649 type => 'string',
650 enum => [ 'AVERAGE', 'MAX' ],
651 optional => 1,
652 },
653 },
654 },
655 returns => {
656 type => "object",
657 properties => {
658 filename => { type => 'string' },
659 },
660 },
661 code => sub {
662 my ($param) = @_;
663
664 return PVE::Cluster::create_rrd_graph(
665 "pve2-vm/$param->{vmid}", $param->{timeframe},
666 $param->{ds}, $param->{cf});
667
668 }});
669
670 __PACKAGE__->register_method({
671 name => 'rrddata',
672 path => '{vmid}/rrddata',
673 method => 'GET',
674 protected => 1, # fixme: can we avoid that?
675 permissions => {
676 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
677 },
678 description => "Read VM RRD statistics",
679 parameters => {
680 additionalProperties => 0,
681 properties => {
682 node => get_standard_option('pve-node'),
683 vmid => get_standard_option('pve-vmid'),
684 timeframe => {
685 description => "Specify the time frame you are interested in.",
686 type => 'string',
687 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
688 },
689 cf => {
690 description => "The RRD consolidation function",
691 type => 'string',
692 enum => [ 'AVERAGE', 'MAX' ],
693 optional => 1,
694 },
695 },
696 },
697 returns => {
698 type => "array",
699 items => {
700 type => "object",
701 properties => {},
702 },
703 },
704 code => sub {
705 my ($param) = @_;
706
707 return PVE::Cluster::create_rrd_data(
708 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
709 }});
710
711
712 __PACKAGE__->register_method({
713 name => 'vm_config',
714 path => '{vmid}/config',
715 method => 'GET',
716 proxyto => 'node',
717 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
718 permissions => {
719 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
720 },
721 parameters => {
722 additionalProperties => 0,
723 properties => {
724 node => get_standard_option('pve-node'),
725 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
726 current => {
727 description => "Get current values (instead of pending values).",
728 optional => 1,
729 default => 0,
730 type => 'boolean',
731 },
732 },
733 },
734 returns => {
735 type => "object",
736 properties => {
737 digest => {
738 type => 'string',
739 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
740 }
741 },
742 },
743 code => sub {
744 my ($param) = @_;
745
746 my $conf = PVE::QemuConfig->load_config($param->{vmid});
747
748 delete $conf->{snapshots};
749
750 if (!$param->{current}) {
751 foreach my $opt (keys %{$conf->{pending}}) {
752 next if $opt eq 'delete';
753 my $value = $conf->{pending}->{$opt};
754 next if ref($value); # just to be sure
755 $conf->{$opt} = $value;
756 }
757 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
758 foreach my $opt (keys %$pending_delete_hash) {
759 delete $conf->{$opt} if $conf->{$opt};
760 }
761 }
762
763 delete $conf->{pending};
764
765 return $conf;
766 }});
767
768 __PACKAGE__->register_method({
769 name => 'vm_pending',
770 path => '{vmid}/pending',
771 method => 'GET',
772 proxyto => 'node',
773 description => "Get virtual machine configuration, including pending changes.",
774 permissions => {
775 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
776 },
777 parameters => {
778 additionalProperties => 0,
779 properties => {
780 node => get_standard_option('pve-node'),
781 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
782 },
783 },
784 returns => {
785 type => "array",
786 items => {
787 type => "object",
788 properties => {
789 key => {
790 description => "Configuration option name.",
791 type => 'string',
792 },
793 value => {
794 description => "Current value.",
795 type => 'string',
796 optional => 1,
797 },
798 pending => {
799 description => "Pending value.",
800 type => 'string',
801 optional => 1,
802 },
803 delete => {
804 description => "Indicates a pending delete request if present and not 0. " .
805 "The value 2 indicates a force-delete request.",
806 type => 'integer',
807 minimum => 0,
808 maximum => 2,
809 optional => 1,
810 },
811 },
812 },
813 },
814 code => sub {
815 my ($param) = @_;
816
817 my $conf = PVE::QemuConfig->load_config($param->{vmid});
818
819 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
820
821 my $res = [];
822
823 foreach my $opt (keys %$conf) {
824 next if ref($conf->{$opt});
825 my $item = { key => $opt };
826 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
827 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
828 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
829 push @$res, $item;
830 }
831
832 foreach my $opt (keys %{$conf->{pending}}) {
833 next if $opt eq 'delete';
834 next if ref($conf->{pending}->{$opt}); # just to be sure
835 next if defined($conf->{$opt});
836 my $item = { key => $opt };
837 $item->{pending} = $conf->{pending}->{$opt};
838 push @$res, $item;
839 }
840
841 while (my ($opt, $force) = each %$pending_delete_hash) {
842 next if $conf->{pending}->{$opt}; # just to be sure
843 next if $conf->{$opt};
844 my $item = { key => $opt, delete => ($force ? 2 : 1)};
845 push @$res, $item;
846 }
847
848 return $res;
849 }});
850
851 # POST/PUT {vmid}/config implementation
852 #
853 # The original API used PUT (idempotent) an we assumed that all operations
854 # are fast. But it turned out that almost any configuration change can
855 # involve hot-plug actions, or disk alloc/free. Such actions can take long
856 # time to complete and have side effects (not idempotent).
857 #
858 # The new implementation uses POST and forks a worker process. We added
859 # a new option 'background_delay'. If specified we wait up to
860 # 'background_delay' second for the worker task to complete. It returns null
861 # if the task is finished within that time, else we return the UPID.
862
863 my $update_vm_api = sub {
864 my ($param, $sync) = @_;
865
866 my $rpcenv = PVE::RPCEnvironment::get();
867
868 my $authuser = $rpcenv->get_user();
869
870 my $node = extract_param($param, 'node');
871
872 my $vmid = extract_param($param, 'vmid');
873
874 my $digest = extract_param($param, 'digest');
875
876 my $background_delay = extract_param($param, 'background_delay');
877
878 my @paramarr = (); # used for log message
879 foreach my $key (keys %$param) {
880 push @paramarr, "-$key", $param->{$key};
881 }
882
883 my $skiplock = extract_param($param, 'skiplock');
884 raise_param_exc({ skiplock => "Only root may use this option." })
885 if $skiplock && $authuser ne 'root@pam';
886
887 my $delete_str = extract_param($param, 'delete');
888
889 my $revert_str = extract_param($param, 'revert');
890
891 my $force = extract_param($param, 'force');
892
893 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
894
895 my $storecfg = PVE::Storage::config();
896
897 my $defaults = PVE::QemuServer::load_defaults();
898
899 &$resolve_cdrom_alias($param);
900
901 # now try to verify all parameters
902
903 my $revert = {};
904 foreach my $opt (PVE::Tools::split_list($revert_str)) {
905 if (!PVE::QemuServer::option_exists($opt)) {
906 raise_param_exc({ revert => "unknown option '$opt'" });
907 }
908
909 raise_param_exc({ delete => "you can't use '-$opt' and " .
910 "-revert $opt' at the same time" })
911 if defined($param->{$opt});
912
913 $revert->{$opt} = 1;
914 }
915
916 my @delete = ();
917 foreach my $opt (PVE::Tools::split_list($delete_str)) {
918 $opt = 'ide2' if $opt eq 'cdrom';
919
920 raise_param_exc({ delete => "you can't use '-$opt' and " .
921 "-delete $opt' at the same time" })
922 if defined($param->{$opt});
923
924 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
925 "-revert $opt' at the same time" })
926 if $revert->{$opt};
927
928 if (!PVE::QemuServer::option_exists($opt)) {
929 raise_param_exc({ delete => "unknown option '$opt'" });
930 }
931
932 push @delete, $opt;
933 }
934
935 foreach my $opt (keys %$param) {
936 if (PVE::QemuServer::is_valid_drivename($opt)) {
937 # cleanup drive path
938 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
939 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
940 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
941 } elsif ($opt =~ m/^net(\d+)$/) {
942 # add macaddr
943 my $net = PVE::QemuServer::parse_net($param->{$opt});
944 $param->{$opt} = PVE::QemuServer::print_net($net);
945 }
946 }
947
948 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
949
950 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
951
952 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
953
954 my $updatefn = sub {
955
956 my $conf = PVE::QemuConfig->load_config($vmid);
957
958 die "checksum missmatch (file change by other user?)\n"
959 if $digest && $digest ne $conf->{digest};
960
961 PVE::QemuConfig->check_lock($conf) if !$skiplock;
962
963 foreach my $opt (keys %$revert) {
964 if (defined($conf->{$opt})) {
965 $param->{$opt} = $conf->{$opt};
966 } elsif (defined($conf->{pending}->{$opt})) {
967 push @delete, $opt;
968 }
969 }
970
971 if ($param->{memory} || defined($param->{balloon})) {
972 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
973 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
974
975 die "balloon value too large (must be smaller than assigned memory)\n"
976 if $balloon && $balloon > $maxmem;
977 }
978
979 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
980
981 my $worker = sub {
982
983 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
984
985 # write updates to pending section
986
987 my $modified = {}; # record what $option we modify
988
989 foreach my $opt (@delete) {
990 $modified->{$opt} = 1;
991 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
992 if ($opt =~ m/^unused/) {
993 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
994 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
995 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
996 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
997 delete $conf->{$opt};
998 PVE::QemuConfig->write_config($vmid, $conf);
999 }
1000 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1001 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
1002 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1003 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1004 if defined($conf->{pending}->{$opt});
1005 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1006 PVE::QemuConfig->write_config($vmid, $conf);
1007 } else {
1008 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1009 PVE::QemuConfig->write_config($vmid, $conf);
1010 }
1011 }
1012
1013 foreach my $opt (keys %$param) { # add/change
1014 $modified->{$opt} = 1;
1015 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1016 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1017
1018 if (PVE::QemuServer::is_valid_drivename($opt)) {
1019 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1020 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1021 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1022 } else {
1023 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1024 }
1025 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1026 if defined($conf->{pending}->{$opt});
1027
1028 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1029 } else {
1030 $conf->{pending}->{$opt} = $param->{$opt};
1031 }
1032 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
1033 PVE::QemuConfig->write_config($vmid, $conf);
1034 }
1035
1036 # remove pending changes when nothing changed
1037 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1038 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
1039 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
1040
1041 return if !scalar(keys %{$conf->{pending}});
1042
1043 my $running = PVE::QemuServer::check_running($vmid);
1044
1045 # apply pending changes
1046
1047 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1048
1049 if ($running) {
1050 my $errors = {};
1051 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1052 raise_param_exc($errors) if scalar(keys %$errors);
1053 } else {
1054 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1055 }
1056
1057 return;
1058 };
1059
1060 if ($sync) {
1061 &$worker();
1062 return undef;
1063 } else {
1064 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1065
1066 if ($background_delay) {
1067
1068 # Note: It would be better to do that in the Event based HTTPServer
1069 # to avoid blocking call to sleep.
1070
1071 my $end_time = time() + $background_delay;
1072
1073 my $task = PVE::Tools::upid_decode($upid);
1074
1075 my $running = 1;
1076 while (time() < $end_time) {
1077 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1078 last if !$running;
1079 sleep(1); # this gets interrupted when child process ends
1080 }
1081
1082 if (!$running) {
1083 my $status = PVE::Tools::upid_read_status($upid);
1084 return undef if $status eq 'OK';
1085 die $status;
1086 }
1087 }
1088
1089 return $upid;
1090 }
1091 };
1092
1093 return PVE::QemuConfig->lock_config($vmid, $updatefn);
1094 };
1095
1096 my $vm_config_perm_list = [
1097 'VM.Config.Disk',
1098 'VM.Config.CDROM',
1099 'VM.Config.CPU',
1100 'VM.Config.Memory',
1101 'VM.Config.Network',
1102 'VM.Config.HWType',
1103 'VM.Config.Options',
1104 ];
1105
1106 __PACKAGE__->register_method({
1107 name => 'update_vm_async',
1108 path => '{vmid}/config',
1109 method => 'POST',
1110 protected => 1,
1111 proxyto => 'node',
1112 description => "Set virtual machine options (asynchrounous API).",
1113 permissions => {
1114 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1115 },
1116 parameters => {
1117 additionalProperties => 0,
1118 properties => PVE::QemuServer::json_config_properties(
1119 {
1120 node => get_standard_option('pve-node'),
1121 vmid => get_standard_option('pve-vmid'),
1122 skiplock => get_standard_option('skiplock'),
1123 delete => {
1124 type => 'string', format => 'pve-configid-list',
1125 description => "A list of settings you want to delete.",
1126 optional => 1,
1127 },
1128 revert => {
1129 type => 'string', format => 'pve-configid-list',
1130 description => "Revert a pending change.",
1131 optional => 1,
1132 },
1133 force => {
1134 type => 'boolean',
1135 description => $opt_force_description,
1136 optional => 1,
1137 requires => 'delete',
1138 },
1139 digest => {
1140 type => 'string',
1141 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1142 maxLength => 40,
1143 optional => 1,
1144 },
1145 background_delay => {
1146 type => 'integer',
1147 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1148 minimum => 1,
1149 maximum => 30,
1150 optional => 1,
1151 },
1152 }),
1153 },
1154 returns => {
1155 type => 'string',
1156 optional => 1,
1157 },
1158 code => $update_vm_api,
1159 });
1160
1161 __PACKAGE__->register_method({
1162 name => 'update_vm',
1163 path => '{vmid}/config',
1164 method => 'PUT',
1165 protected => 1,
1166 proxyto => 'node',
1167 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1168 permissions => {
1169 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1170 },
1171 parameters => {
1172 additionalProperties => 0,
1173 properties => PVE::QemuServer::json_config_properties(
1174 {
1175 node => get_standard_option('pve-node'),
1176 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1177 skiplock => get_standard_option('skiplock'),
1178 delete => {
1179 type => 'string', format => 'pve-configid-list',
1180 description => "A list of settings you want to delete.",
1181 optional => 1,
1182 },
1183 revert => {
1184 type => 'string', format => 'pve-configid-list',
1185 description => "Revert a pending change.",
1186 optional => 1,
1187 },
1188 force => {
1189 type => 'boolean',
1190 description => $opt_force_description,
1191 optional => 1,
1192 requires => 'delete',
1193 },
1194 digest => {
1195 type => 'string',
1196 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1197 maxLength => 40,
1198 optional => 1,
1199 },
1200 }),
1201 },
1202 returns => { type => 'null' },
1203 code => sub {
1204 my ($param) = @_;
1205 &$update_vm_api($param, 1);
1206 return undef;
1207 }
1208 });
1209
1210
1211 __PACKAGE__->register_method({
1212 name => 'destroy_vm',
1213 path => '{vmid}',
1214 method => 'DELETE',
1215 protected => 1,
1216 proxyto => 'node',
1217 description => "Destroy the vm (also delete all used/owned volumes).",
1218 permissions => {
1219 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1220 },
1221 parameters => {
1222 additionalProperties => 0,
1223 properties => {
1224 node => get_standard_option('pve-node'),
1225 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1226 skiplock => get_standard_option('skiplock'),
1227 },
1228 },
1229 returns => {
1230 type => 'string',
1231 },
1232 code => sub {
1233 my ($param) = @_;
1234
1235 my $rpcenv = PVE::RPCEnvironment::get();
1236
1237 my $authuser = $rpcenv->get_user();
1238
1239 my $vmid = $param->{vmid};
1240
1241 my $skiplock = $param->{skiplock};
1242 raise_param_exc({ skiplock => "Only root may use this option." })
1243 if $skiplock && $authuser ne 'root@pam';
1244
1245 # test if VM exists
1246 my $conf = PVE::QemuConfig->load_config($vmid);
1247
1248 my $storecfg = PVE::Storage::config();
1249
1250 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
1251
1252 die "unable to remove VM $vmid - used in HA resources\n"
1253 if PVE::HA::Config::vm_is_ha_managed($vmid);
1254
1255 # early tests (repeat after locking)
1256 die "VM $vmid is running - destroy failed\n"
1257 if PVE::QemuServer::check_running($vmid);
1258
1259 my $realcmd = sub {
1260 my $upid = shift;
1261
1262 syslog('info', "destroy VM $vmid: $upid\n");
1263
1264 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1265
1266 PVE::AccessControl::remove_vm_access($vmid);
1267
1268 PVE::Firewall::remove_vmfw_conf($vmid);
1269 };
1270
1271 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1272 }});
1273
1274 __PACKAGE__->register_method({
1275 name => 'unlink',
1276 path => '{vmid}/unlink',
1277 method => 'PUT',
1278 protected => 1,
1279 proxyto => 'node',
1280 description => "Unlink/delete disk images.",
1281 permissions => {
1282 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1283 },
1284 parameters => {
1285 additionalProperties => 0,
1286 properties => {
1287 node => get_standard_option('pve-node'),
1288 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1289 idlist => {
1290 type => 'string', format => 'pve-configid-list',
1291 description => "A list of disk IDs you want to delete.",
1292 },
1293 force => {
1294 type => 'boolean',
1295 description => $opt_force_description,
1296 optional => 1,
1297 },
1298 },
1299 },
1300 returns => { type => 'null'},
1301 code => sub {
1302 my ($param) = @_;
1303
1304 $param->{delete} = extract_param($param, 'idlist');
1305
1306 __PACKAGE__->update_vm($param);
1307
1308 return undef;
1309 }});
1310
1311 my $sslcert;
1312
1313 __PACKAGE__->register_method({
1314 name => 'vncproxy',
1315 path => '{vmid}/vncproxy',
1316 method => 'POST',
1317 protected => 1,
1318 permissions => {
1319 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1320 },
1321 description => "Creates a TCP VNC proxy connections.",
1322 parameters => {
1323 additionalProperties => 0,
1324 properties => {
1325 node => get_standard_option('pve-node'),
1326 vmid => get_standard_option('pve-vmid'),
1327 websocket => {
1328 optional => 1,
1329 type => 'boolean',
1330 description => "starts websockify instead of vncproxy",
1331 },
1332 },
1333 },
1334 returns => {
1335 additionalProperties => 0,
1336 properties => {
1337 user => { type => 'string' },
1338 ticket => { type => 'string' },
1339 cert => { type => 'string' },
1340 port => { type => 'integer' },
1341 upid => { type => 'string' },
1342 },
1343 },
1344 code => sub {
1345 my ($param) = @_;
1346
1347 my $rpcenv = PVE::RPCEnvironment::get();
1348
1349 my $authuser = $rpcenv->get_user();
1350
1351 my $vmid = $param->{vmid};
1352 my $node = $param->{node};
1353 my $websocket = $param->{websocket};
1354
1355 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1356
1357 my $authpath = "/vms/$vmid";
1358
1359 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1360
1361 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1362 if !$sslcert;
1363
1364 my ($remip, $family);
1365 my $remcmd = [];
1366
1367 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1368 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
1369 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1370 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1371 } else {
1372 $family = PVE::Tools::get_host_address_family($node);
1373 }
1374
1375 my $port = PVE::Tools::next_vnc_port($family);
1376
1377 my $timeout = 10;
1378
1379 my $realcmd = sub {
1380 my $upid = shift;
1381
1382 syslog('info', "starting vnc proxy $upid\n");
1383
1384 my $cmd;
1385
1386 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1387
1388 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1389
1390 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1391 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1392 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1393 '-timeout', $timeout, '-authpath', $authpath,
1394 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1395 } else {
1396
1397 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1398
1399 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1400
1401 my $qmstr = join(' ', @$qmcmd);
1402
1403 # also redirect stderr (else we get RFB protocol errors)
1404 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1405 }
1406
1407 PVE::Tools::run_command($cmd);
1408
1409 return;
1410 };
1411
1412 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1413
1414 PVE::Tools::wait_for_vnc_port($port);
1415
1416 return {
1417 user => $authuser,
1418 ticket => $ticket,
1419 port => $port,
1420 upid => $upid,
1421 cert => $sslcert,
1422 };
1423 }});
1424
1425 __PACKAGE__->register_method({
1426 name => 'vncwebsocket',
1427 path => '{vmid}/vncwebsocket',
1428 method => 'GET',
1429 permissions => {
1430 description => "You also need to pass a valid ticket (vncticket).",
1431 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1432 },
1433 description => "Opens a weksocket for VNC traffic.",
1434 parameters => {
1435 additionalProperties => 0,
1436 properties => {
1437 node => get_standard_option('pve-node'),
1438 vmid => get_standard_option('pve-vmid'),
1439 vncticket => {
1440 description => "Ticket from previous call to vncproxy.",
1441 type => 'string',
1442 maxLength => 512,
1443 },
1444 port => {
1445 description => "Port number returned by previous vncproxy call.",
1446 type => 'integer',
1447 minimum => 5900,
1448 maximum => 5999,
1449 },
1450 },
1451 },
1452 returns => {
1453 type => "object",
1454 properties => {
1455 port => { type => 'string' },
1456 },
1457 },
1458 code => sub {
1459 my ($param) = @_;
1460
1461 my $rpcenv = PVE::RPCEnvironment::get();
1462
1463 my $authuser = $rpcenv->get_user();
1464
1465 my $vmid = $param->{vmid};
1466 my $node = $param->{node};
1467
1468 my $authpath = "/vms/$vmid";
1469
1470 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1471
1472 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
1473
1474 # Note: VNC ports are acessible from outside, so we do not gain any
1475 # security if we verify that $param->{port} belongs to VM $vmid. This
1476 # check is done by verifying the VNC ticket (inside VNC protocol).
1477
1478 my $port = $param->{port};
1479
1480 return { port => $port };
1481 }});
1482
1483 __PACKAGE__->register_method({
1484 name => 'spiceproxy',
1485 path => '{vmid}/spiceproxy',
1486 method => 'POST',
1487 protected => 1,
1488 proxyto => 'node',
1489 permissions => {
1490 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1491 },
1492 description => "Returns a SPICE configuration to connect to the VM.",
1493 parameters => {
1494 additionalProperties => 0,
1495 properties => {
1496 node => get_standard_option('pve-node'),
1497 vmid => get_standard_option('pve-vmid'),
1498 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1499 },
1500 },
1501 returns => get_standard_option('remote-viewer-config'),
1502 code => sub {
1503 my ($param) = @_;
1504
1505 my $rpcenv = PVE::RPCEnvironment::get();
1506
1507 my $authuser = $rpcenv->get_user();
1508
1509 my $vmid = $param->{vmid};
1510 my $node = $param->{node};
1511 my $proxy = $param->{proxy};
1512
1513 my $conf = PVE::QemuConfig->load_config($vmid, $node);
1514 my $title = "VM $vmid";
1515 $title .= " - ". $conf->{name} if $conf->{name};
1516
1517 my $port = PVE::QemuServer::spice_port($vmid);
1518
1519 my ($ticket, undef, $remote_viewer_config) =
1520 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1521
1522 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1523 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1524
1525 return $remote_viewer_config;
1526 }});
1527
1528 __PACKAGE__->register_method({
1529 name => 'vmcmdidx',
1530 path => '{vmid}/status',
1531 method => 'GET',
1532 proxyto => 'node',
1533 description => "Directory index",
1534 permissions => {
1535 user => 'all',
1536 },
1537 parameters => {
1538 additionalProperties => 0,
1539 properties => {
1540 node => get_standard_option('pve-node'),
1541 vmid => get_standard_option('pve-vmid'),
1542 },
1543 },
1544 returns => {
1545 type => 'array',
1546 items => {
1547 type => "object",
1548 properties => {
1549 subdir => { type => 'string' },
1550 },
1551 },
1552 links => [ { rel => 'child', href => "{subdir}" } ],
1553 },
1554 code => sub {
1555 my ($param) = @_;
1556
1557 # test if VM exists
1558 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1559
1560 my $res = [
1561 { subdir => 'current' },
1562 { subdir => 'start' },
1563 { subdir => 'stop' },
1564 ];
1565
1566 return $res;
1567 }});
1568
1569 __PACKAGE__->register_method({
1570 name => 'vm_status',
1571 path => '{vmid}/status/current',
1572 method => 'GET',
1573 proxyto => 'node',
1574 protected => 1, # qemu pid files are only readable by root
1575 description => "Get virtual machine status.",
1576 permissions => {
1577 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1578 },
1579 parameters => {
1580 additionalProperties => 0,
1581 properties => {
1582 node => get_standard_option('pve-node'),
1583 vmid => get_standard_option('pve-vmid'),
1584 },
1585 },
1586 returns => { type => 'object' },
1587 code => sub {
1588 my ($param) = @_;
1589
1590 # test if VM exists
1591 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1592
1593 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1594 my $status = $vmstatus->{$param->{vmid}};
1595
1596 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
1597
1598 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1599
1600 return $status;
1601 }});
1602
1603 __PACKAGE__->register_method({
1604 name => 'vm_start',
1605 path => '{vmid}/status/start',
1606 method => 'POST',
1607 protected => 1,
1608 proxyto => 'node',
1609 description => "Start virtual machine.",
1610 permissions => {
1611 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1612 },
1613 parameters => {
1614 additionalProperties => 0,
1615 properties => {
1616 node => get_standard_option('pve-node'),
1617 vmid => get_standard_option('pve-vmid',
1618 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1619 skiplock => get_standard_option('skiplock'),
1620 stateuri => get_standard_option('pve-qm-stateuri'),
1621 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1622 machine => get_standard_option('pve-qm-machine'),
1623 },
1624 },
1625 returns => {
1626 type => 'string',
1627 },
1628 code => sub {
1629 my ($param) = @_;
1630
1631 my $rpcenv = PVE::RPCEnvironment::get();
1632
1633 my $authuser = $rpcenv->get_user();
1634
1635 my $node = extract_param($param, 'node');
1636
1637 my $vmid = extract_param($param, 'vmid');
1638
1639 my $machine = extract_param($param, 'machine');
1640
1641 my $stateuri = extract_param($param, 'stateuri');
1642 raise_param_exc({ stateuri => "Only root may use this option." })
1643 if $stateuri && $authuser ne 'root@pam';
1644
1645 my $skiplock = extract_param($param, 'skiplock');
1646 raise_param_exc({ skiplock => "Only root may use this option." })
1647 if $skiplock && $authuser ne 'root@pam';
1648
1649 my $migratedfrom = extract_param($param, 'migratedfrom');
1650 raise_param_exc({ migratedfrom => "Only root may use this option." })
1651 if $migratedfrom && $authuser ne 'root@pam';
1652
1653 # read spice ticket from STDIN
1654 my $spice_ticket;
1655 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1656 if (defined(my $line = <>)) {
1657 chomp $line;
1658 $spice_ticket = $line;
1659 }
1660 }
1661
1662 PVE::Cluster::check_cfs_quorum();
1663
1664 my $storecfg = PVE::Storage::config();
1665
1666 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1667 $rpcenv->{type} ne 'ha') {
1668
1669 my $hacmd = sub {
1670 my $upid = shift;
1671
1672 my $service = "vm:$vmid";
1673
1674 my $cmd = ['ha-manager', 'enable', $service];
1675
1676 print "Executing HA start for VM $vmid\n";
1677
1678 PVE::Tools::run_command($cmd);
1679
1680 return;
1681 };
1682
1683 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1684
1685 } else {
1686
1687 my $realcmd = sub {
1688 my $upid = shift;
1689
1690 syslog('info', "start VM $vmid: $upid\n");
1691
1692 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1693 $machine, $spice_ticket);
1694
1695 return;
1696 };
1697
1698 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1699 }
1700 }});
1701
1702 __PACKAGE__->register_method({
1703 name => 'vm_stop',
1704 path => '{vmid}/status/stop',
1705 method => 'POST',
1706 protected => 1,
1707 proxyto => 'node',
1708 description => "Stop virtual machine. The qemu process will exit immediately. This" .
1709 "is akin to pulling the power plug of a running computer and may damage the VM data",
1710 permissions => {
1711 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1712 },
1713 parameters => {
1714 additionalProperties => 0,
1715 properties => {
1716 node => get_standard_option('pve-node'),
1717 vmid => get_standard_option('pve-vmid',
1718 { completion => \&PVE::QemuServer::complete_vmid_running }),
1719 skiplock => get_standard_option('skiplock'),
1720 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1721 timeout => {
1722 description => "Wait maximal timeout seconds.",
1723 type => 'integer',
1724 minimum => 0,
1725 optional => 1,
1726 },
1727 keepActive => {
1728 description => "Do not decativate storage volumes.",
1729 type => 'boolean',
1730 optional => 1,
1731 default => 0,
1732 }
1733 },
1734 },
1735 returns => {
1736 type => 'string',
1737 },
1738 code => sub {
1739 my ($param) = @_;
1740
1741 my $rpcenv = PVE::RPCEnvironment::get();
1742
1743 my $authuser = $rpcenv->get_user();
1744
1745 my $node = extract_param($param, 'node');
1746
1747 my $vmid = extract_param($param, 'vmid');
1748
1749 my $skiplock = extract_param($param, 'skiplock');
1750 raise_param_exc({ skiplock => "Only root may use this option." })
1751 if $skiplock && $authuser ne 'root@pam';
1752
1753 my $keepActive = extract_param($param, 'keepActive');
1754 raise_param_exc({ keepActive => "Only root may use this option." })
1755 if $keepActive && $authuser ne 'root@pam';
1756
1757 my $migratedfrom = extract_param($param, 'migratedfrom');
1758 raise_param_exc({ migratedfrom => "Only root may use this option." })
1759 if $migratedfrom && $authuser ne 'root@pam';
1760
1761
1762 my $storecfg = PVE::Storage::config();
1763
1764 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1765
1766 my $hacmd = sub {
1767 my $upid = shift;
1768
1769 my $service = "vm:$vmid";
1770
1771 my $cmd = ['ha-manager', 'disable', $service];
1772
1773 print "Executing HA stop for VM $vmid\n";
1774
1775 PVE::Tools::run_command($cmd);
1776
1777 return;
1778 };
1779
1780 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1781
1782 } else {
1783 my $realcmd = sub {
1784 my $upid = shift;
1785
1786 syslog('info', "stop VM $vmid: $upid\n");
1787
1788 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1789 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1790
1791 return;
1792 };
1793
1794 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1795 }
1796 }});
1797
1798 __PACKAGE__->register_method({
1799 name => 'vm_reset',
1800 path => '{vmid}/status/reset',
1801 method => 'POST',
1802 protected => 1,
1803 proxyto => 'node',
1804 description => "Reset virtual machine.",
1805 permissions => {
1806 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1807 },
1808 parameters => {
1809 additionalProperties => 0,
1810 properties => {
1811 node => get_standard_option('pve-node'),
1812 vmid => get_standard_option('pve-vmid',
1813 { completion => \&PVE::QemuServer::complete_vmid_running }),
1814 skiplock => get_standard_option('skiplock'),
1815 },
1816 },
1817 returns => {
1818 type => 'string',
1819 },
1820 code => sub {
1821 my ($param) = @_;
1822
1823 my $rpcenv = PVE::RPCEnvironment::get();
1824
1825 my $authuser = $rpcenv->get_user();
1826
1827 my $node = extract_param($param, 'node');
1828
1829 my $vmid = extract_param($param, 'vmid');
1830
1831 my $skiplock = extract_param($param, 'skiplock');
1832 raise_param_exc({ skiplock => "Only root may use this option." })
1833 if $skiplock && $authuser ne 'root@pam';
1834
1835 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1836
1837 my $realcmd = sub {
1838 my $upid = shift;
1839
1840 PVE::QemuServer::vm_reset($vmid, $skiplock);
1841
1842 return;
1843 };
1844
1845 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1846 }});
1847
1848 __PACKAGE__->register_method({
1849 name => 'vm_shutdown',
1850 path => '{vmid}/status/shutdown',
1851 method => 'POST',
1852 protected => 1,
1853 proxyto => 'node',
1854 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
1855 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
1856 permissions => {
1857 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1858 },
1859 parameters => {
1860 additionalProperties => 0,
1861 properties => {
1862 node => get_standard_option('pve-node'),
1863 vmid => get_standard_option('pve-vmid',
1864 { completion => \&PVE::QemuServer::complete_vmid_running }),
1865 skiplock => get_standard_option('skiplock'),
1866 timeout => {
1867 description => "Wait maximal timeout seconds.",
1868 type => 'integer',
1869 minimum => 0,
1870 optional => 1,
1871 },
1872 forceStop => {
1873 description => "Make sure the VM stops.",
1874 type => 'boolean',
1875 optional => 1,
1876 default => 0,
1877 },
1878 keepActive => {
1879 description => "Do not decativate storage volumes.",
1880 type => 'boolean',
1881 optional => 1,
1882 default => 0,
1883 }
1884 },
1885 },
1886 returns => {
1887 type => 'string',
1888 },
1889 code => sub {
1890 my ($param) = @_;
1891
1892 my $rpcenv = PVE::RPCEnvironment::get();
1893
1894 my $authuser = $rpcenv->get_user();
1895
1896 my $node = extract_param($param, 'node');
1897
1898 my $vmid = extract_param($param, 'vmid');
1899
1900 my $skiplock = extract_param($param, 'skiplock');
1901 raise_param_exc({ skiplock => "Only root may use this option." })
1902 if $skiplock && $authuser ne 'root@pam';
1903
1904 my $keepActive = extract_param($param, 'keepActive');
1905 raise_param_exc({ keepActive => "Only root may use this option." })
1906 if $keepActive && $authuser ne 'root@pam';
1907
1908 my $storecfg = PVE::Storage::config();
1909
1910 my $shutdown = 1;
1911
1912 # if vm is paused, do not shutdown (but stop if forceStop = 1)
1913 # otherwise, we will infer a shutdown command, but run into the timeout,
1914 # then when the vm is resumed, it will instantly shutdown
1915 #
1916 # checking the qmp status here to get feedback to the gui/cli/api
1917 # and the status query should not take too long
1918 my $qmpstatus;
1919 eval {
1920 $qmpstatus = PVE::QemuServer::vm_qmp_command($vmid, { execute => "query-status" }, 0);
1921 };
1922 my $err = $@ if $@;
1923
1924 if (!$err && $qmpstatus->{status} eq "paused") {
1925 if ($param->{forceStop}) {
1926 warn "VM is paused - stop instead of shutdown\n";
1927 $shutdown = 0;
1928 } else {
1929 die "VM is paused - cannot shutdown\n";
1930 }
1931 }
1932
1933 my $realcmd = sub {
1934 my $upid = shift;
1935
1936 syslog('info', "shutdown VM $vmid: $upid\n");
1937
1938 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1939 $shutdown, $param->{forceStop}, $keepActive);
1940
1941 return;
1942 };
1943
1944 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1945 }});
1946
1947 __PACKAGE__->register_method({
1948 name => 'vm_suspend',
1949 path => '{vmid}/status/suspend',
1950 method => 'POST',
1951 protected => 1,
1952 proxyto => 'node',
1953 description => "Suspend virtual machine.",
1954 permissions => {
1955 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1956 },
1957 parameters => {
1958 additionalProperties => 0,
1959 properties => {
1960 node => get_standard_option('pve-node'),
1961 vmid => get_standard_option('pve-vmid',
1962 { completion => \&PVE::QemuServer::complete_vmid_running }),
1963 skiplock => get_standard_option('skiplock'),
1964 },
1965 },
1966 returns => {
1967 type => 'string',
1968 },
1969 code => sub {
1970 my ($param) = @_;
1971
1972 my $rpcenv = PVE::RPCEnvironment::get();
1973
1974 my $authuser = $rpcenv->get_user();
1975
1976 my $node = extract_param($param, 'node');
1977
1978 my $vmid = extract_param($param, 'vmid');
1979
1980 my $skiplock = extract_param($param, 'skiplock');
1981 raise_param_exc({ skiplock => "Only root may use this option." })
1982 if $skiplock && $authuser ne 'root@pam';
1983
1984 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1985
1986 my $realcmd = sub {
1987 my $upid = shift;
1988
1989 syslog('info', "suspend VM $vmid: $upid\n");
1990
1991 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1992
1993 return;
1994 };
1995
1996 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1997 }});
1998
1999 __PACKAGE__->register_method({
2000 name => 'vm_resume',
2001 path => '{vmid}/status/resume',
2002 method => 'POST',
2003 protected => 1,
2004 proxyto => 'node',
2005 description => "Resume virtual machine.",
2006 permissions => {
2007 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2008 },
2009 parameters => {
2010 additionalProperties => 0,
2011 properties => {
2012 node => get_standard_option('pve-node'),
2013 vmid => get_standard_option('pve-vmid',
2014 { completion => \&PVE::QemuServer::complete_vmid_running }),
2015 skiplock => get_standard_option('skiplock'),
2016 nocheck => { type => 'boolean', optional => 1 },
2017
2018 },
2019 },
2020 returns => {
2021 type => 'string',
2022 },
2023 code => sub {
2024 my ($param) = @_;
2025
2026 my $rpcenv = PVE::RPCEnvironment::get();
2027
2028 my $authuser = $rpcenv->get_user();
2029
2030 my $node = extract_param($param, 'node');
2031
2032 my $vmid = extract_param($param, 'vmid');
2033
2034 my $skiplock = extract_param($param, 'skiplock');
2035 raise_param_exc({ skiplock => "Only root may use this option." })
2036 if $skiplock && $authuser ne 'root@pam';
2037
2038 my $nocheck = extract_param($param, 'nocheck');
2039
2040 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck);
2041
2042 my $realcmd = sub {
2043 my $upid = shift;
2044
2045 syslog('info', "resume VM $vmid: $upid\n");
2046
2047 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
2048
2049 return;
2050 };
2051
2052 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2053 }});
2054
2055 __PACKAGE__->register_method({
2056 name => 'vm_sendkey',
2057 path => '{vmid}/sendkey',
2058 method => 'PUT',
2059 protected => 1,
2060 proxyto => 'node',
2061 description => "Send key event to virtual machine.",
2062 permissions => {
2063 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2064 },
2065 parameters => {
2066 additionalProperties => 0,
2067 properties => {
2068 node => get_standard_option('pve-node'),
2069 vmid => get_standard_option('pve-vmid',
2070 { completion => \&PVE::QemuServer::complete_vmid_running }),
2071 skiplock => get_standard_option('skiplock'),
2072 key => {
2073 description => "The key (qemu monitor encoding).",
2074 type => 'string'
2075 }
2076 },
2077 },
2078 returns => { type => 'null'},
2079 code => sub {
2080 my ($param) = @_;
2081
2082 my $rpcenv = PVE::RPCEnvironment::get();
2083
2084 my $authuser = $rpcenv->get_user();
2085
2086 my $node = extract_param($param, 'node');
2087
2088 my $vmid = extract_param($param, 'vmid');
2089
2090 my $skiplock = extract_param($param, 'skiplock');
2091 raise_param_exc({ skiplock => "Only root may use this option." })
2092 if $skiplock && $authuser ne 'root@pam';
2093
2094 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2095
2096 return;
2097 }});
2098
2099 __PACKAGE__->register_method({
2100 name => 'vm_feature',
2101 path => '{vmid}/feature',
2102 method => 'GET',
2103 proxyto => 'node',
2104 protected => 1,
2105 description => "Check if feature for virtual machine is available.",
2106 permissions => {
2107 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2108 },
2109 parameters => {
2110 additionalProperties => 0,
2111 properties => {
2112 node => get_standard_option('pve-node'),
2113 vmid => get_standard_option('pve-vmid'),
2114 feature => {
2115 description => "Feature to check.",
2116 type => 'string',
2117 enum => [ 'snapshot', 'clone', 'copy' ],
2118 },
2119 snapname => get_standard_option('pve-snapshot-name', {
2120 optional => 1,
2121 }),
2122 },
2123 },
2124 returns => {
2125 type => "object",
2126 properties => {
2127 hasFeature => { type => 'boolean' },
2128 nodes => {
2129 type => 'array',
2130 items => { type => 'string' },
2131 }
2132 },
2133 },
2134 code => sub {
2135 my ($param) = @_;
2136
2137 my $node = extract_param($param, 'node');
2138
2139 my $vmid = extract_param($param, 'vmid');
2140
2141 my $snapname = extract_param($param, 'snapname');
2142
2143 my $feature = extract_param($param, 'feature');
2144
2145 my $running = PVE::QemuServer::check_running($vmid);
2146
2147 my $conf = PVE::QemuConfig->load_config($vmid);
2148
2149 if($snapname){
2150 my $snap = $conf->{snapshots}->{$snapname};
2151 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2152 $conf = $snap;
2153 }
2154 my $storecfg = PVE::Storage::config();
2155
2156 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2157 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
2158
2159 return {
2160 hasFeature => $hasFeature,
2161 nodes => [ keys %$nodelist ],
2162 };
2163 }});
2164
2165 __PACKAGE__->register_method({
2166 name => 'clone_vm',
2167 path => '{vmid}/clone',
2168 method => 'POST',
2169 protected => 1,
2170 proxyto => 'node',
2171 description => "Create a copy of virtual machine/template.",
2172 permissions => {
2173 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2174 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2175 "'Datastore.AllocateSpace' on any used storage.",
2176 check =>
2177 [ 'and',
2178 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2179 [ 'or',
2180 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2181 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2182 ],
2183 ]
2184 },
2185 parameters => {
2186 additionalProperties => 0,
2187 properties => {
2188 node => get_standard_option('pve-node'),
2189 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2190 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2191 name => {
2192 optional => 1,
2193 type => 'string', format => 'dns-name',
2194 description => "Set a name for the new VM.",
2195 },
2196 description => {
2197 optional => 1,
2198 type => 'string',
2199 description => "Description for the new VM.",
2200 },
2201 pool => {
2202 optional => 1,
2203 type => 'string', format => 'pve-poolid',
2204 description => "Add the new VM to the specified pool.",
2205 },
2206 snapname => get_standard_option('pve-snapshot-name', {
2207 optional => 1,
2208 }),
2209 storage => get_standard_option('pve-storage-id', {
2210 description => "Target storage for full clone.",
2211 requires => 'full',
2212 optional => 1,
2213 }),
2214 'format' => {
2215 description => "Target format for file storage.",
2216 requires => 'full',
2217 type => 'string',
2218 optional => 1,
2219 enum => [ 'raw', 'qcow2', 'vmdk'],
2220 },
2221 full => {
2222 optional => 1,
2223 type => 'boolean',
2224 description => "Create a full copy of all disk. This is always done when " .
2225 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2226 default => 0,
2227 },
2228 target => get_standard_option('pve-node', {
2229 description => "Target node. Only allowed if the original VM is on shared storage.",
2230 optional => 1,
2231 }),
2232 },
2233 },
2234 returns => {
2235 type => 'string',
2236 },
2237 code => sub {
2238 my ($param) = @_;
2239
2240 my $rpcenv = PVE::RPCEnvironment::get();
2241
2242 my $authuser = $rpcenv->get_user();
2243
2244 my $node = extract_param($param, 'node');
2245
2246 my $vmid = extract_param($param, 'vmid');
2247
2248 my $newid = extract_param($param, 'newid');
2249
2250 my $pool = extract_param($param, 'pool');
2251
2252 if (defined($pool)) {
2253 $rpcenv->check_pool_exist($pool);
2254 }
2255
2256 my $snapname = extract_param($param, 'snapname');
2257
2258 my $storage = extract_param($param, 'storage');
2259
2260 my $format = extract_param($param, 'format');
2261
2262 my $target = extract_param($param, 'target');
2263
2264 my $localnode = PVE::INotify::nodename();
2265
2266 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2267
2268 PVE::Cluster::check_node_exists($target) if $target;
2269
2270 my $storecfg = PVE::Storage::config();
2271
2272 if ($storage) {
2273 # check if storage is enabled on local node
2274 PVE::Storage::storage_check_enabled($storecfg, $storage);
2275 if ($target) {
2276 # check if storage is available on target node
2277 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2278 # clone only works if target storage is shared
2279 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2280 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2281 }
2282 }
2283
2284 PVE::Cluster::check_cfs_quorum();
2285
2286 my $running = PVE::QemuServer::check_running($vmid) || 0;
2287
2288 # exclusive lock if VM is running - else shared lock is enough;
2289 my $shared_lock = $running ? 0 : 1;
2290
2291 my $clonefn = sub {
2292
2293 # do all tests after lock
2294 # we also try to do all tests before we fork the worker
2295
2296 my $conf = PVE::QemuConfig->load_config($vmid);
2297
2298 PVE::QemuConfig->check_lock($conf);
2299
2300 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2301
2302 die "unexpected state change\n" if $verify_running != $running;
2303
2304 die "snapshot '$snapname' does not exist\n"
2305 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2306
2307 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2308
2309 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2310
2311 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2312
2313 my $conffile = PVE::QemuConfig->config_file($newid);
2314
2315 die "unable to create VM $newid: config file already exists\n"
2316 if -f $conffile;
2317
2318 my $newconf = { lock => 'clone' };
2319 my $drives = {};
2320 my $fullclone = {};
2321 my $vollist = [];
2322
2323 foreach my $opt (keys %$oldconf) {
2324 my $value = $oldconf->{$opt};
2325
2326 # do not copy snapshot related info
2327 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2328 $opt eq 'vmstate' || $opt eq 'snapstate';
2329
2330 # no need to copy unused images, because VMID(owner) changes anyways
2331 next if $opt =~ m/^unused\d+$/;
2332
2333 # always change MAC! address
2334 if ($opt =~ m/^net(\d+)$/) {
2335 my $net = PVE::QemuServer::parse_net($value);
2336 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2337 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
2338 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2339 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
2340 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2341 die "unable to parse drive options for '$opt'\n" if !$drive;
2342 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2343 $newconf->{$opt} = $value; # simply copy configuration
2344 } else {
2345 if ($param->{full}) {
2346 die "Full clone feature is not available"
2347 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2348 $fullclone->{$opt} = 1;
2349 } else {
2350 # not full means clone instead of copy
2351 die "Linked clone feature is not available"
2352 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2353 }
2354 $drives->{$opt} = $drive;
2355 push @$vollist, $drive->{file};
2356 }
2357 } else {
2358 # copy everything else
2359 $newconf->{$opt} = $value;
2360 }
2361 }
2362
2363 # auto generate a new uuid
2364 my ($uuid, $uuid_str);
2365 UUID::generate($uuid);
2366 UUID::unparse($uuid, $uuid_str);
2367 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2368 $smbios1->{uuid} = $uuid_str;
2369 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2370
2371 delete $newconf->{template};
2372
2373 if ($param->{name}) {
2374 $newconf->{name} = $param->{name};
2375 } else {
2376 if ($oldconf->{name}) {
2377 $newconf->{name} = "Copy-of-$oldconf->{name}";
2378 } else {
2379 $newconf->{name} = "Copy-of-VM-$vmid";
2380 }
2381 }
2382
2383 if ($param->{description}) {
2384 $newconf->{description} = $param->{description};
2385 }
2386
2387 # create empty/temp config - this fails if VM already exists on other node
2388 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2389
2390 my $realcmd = sub {
2391 my $upid = shift;
2392
2393 my $newvollist = [];
2394
2395 eval {
2396 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2397
2398 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2399
2400 foreach my $opt (keys %$drives) {
2401 my $drive = $drives->{$opt};
2402
2403 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2404 $newid, $storage, $format, $fullclone->{$opt}, $newvollist);
2405
2406 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2407
2408 PVE::QemuConfig->write_config($newid, $newconf);
2409 }
2410
2411 delete $newconf->{lock};
2412 PVE::QemuConfig->write_config($newid, $newconf);
2413
2414 if ($target) {
2415 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2416 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
2417 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
2418
2419 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
2420 die "Failed to move config to node '$target' - rename failed: $!\n"
2421 if !rename($conffile, $newconffile);
2422 }
2423
2424 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2425 };
2426 if (my $err = $@) {
2427 unlink $conffile;
2428
2429 sleep 1; # some storage like rbd need to wait before release volume - really?
2430
2431 foreach my $volid (@$newvollist) {
2432 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2433 warn $@ if $@;
2434 }
2435 die "clone failed: $err";
2436 }
2437
2438 return;
2439 };
2440
2441 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2442
2443 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2444 };
2445
2446 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
2447 # Aquire exclusive lock lock for $newid
2448 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
2449 });
2450
2451 }});
2452
2453 __PACKAGE__->register_method({
2454 name => 'move_vm_disk',
2455 path => '{vmid}/move_disk',
2456 method => 'POST',
2457 protected => 1,
2458 proxyto => 'node',
2459 description => "Move volume to different storage.",
2460 permissions => {
2461 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2462 "and 'Datastore.AllocateSpace' permissions on the storage.",
2463 check =>
2464 [ 'and',
2465 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2466 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2467 ],
2468 },
2469 parameters => {
2470 additionalProperties => 0,
2471 properties => {
2472 node => get_standard_option('pve-node'),
2473 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2474 disk => {
2475 type => 'string',
2476 description => "The disk you want to move.",
2477 enum => [ PVE::QemuServer::valid_drive_names() ],
2478 },
2479 storage => get_standard_option('pve-storage-id', {
2480 description => "Target storage.",
2481 completion => \&PVE::QemuServer::complete_storage,
2482 }),
2483 'format' => {
2484 type => 'string',
2485 description => "Target Format.",
2486 enum => [ 'raw', 'qcow2', 'vmdk' ],
2487 optional => 1,
2488 },
2489 delete => {
2490 type => 'boolean',
2491 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2492 optional => 1,
2493 default => 0,
2494 },
2495 digest => {
2496 type => 'string',
2497 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2498 maxLength => 40,
2499 optional => 1,
2500 },
2501 },
2502 },
2503 returns => {
2504 type => 'string',
2505 description => "the task ID.",
2506 },
2507 code => sub {
2508 my ($param) = @_;
2509
2510 my $rpcenv = PVE::RPCEnvironment::get();
2511
2512 my $authuser = $rpcenv->get_user();
2513
2514 my $node = extract_param($param, 'node');
2515
2516 my $vmid = extract_param($param, 'vmid');
2517
2518 my $digest = extract_param($param, 'digest');
2519
2520 my $disk = extract_param($param, 'disk');
2521
2522 my $storeid = extract_param($param, 'storage');
2523
2524 my $format = extract_param($param, 'format');
2525
2526 my $storecfg = PVE::Storage::config();
2527
2528 my $updatefn = sub {
2529
2530 my $conf = PVE::QemuConfig->load_config($vmid);
2531
2532 PVE::QemuConfig->check_lock($conf);
2533
2534 die "checksum missmatch (file change by other user?)\n"
2535 if $digest && $digest ne $conf->{digest};
2536
2537 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2538
2539 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2540
2541 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2542
2543 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2544
2545 my $oldfmt;
2546 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2547 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2548 $oldfmt = $1;
2549 }
2550
2551 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2552 (!$format || !$oldfmt || $oldfmt eq $format);
2553
2554 # this only checks snapshots because $disk is passed!
2555 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
2556 die "you can't move a disk with snapshots and delete the source\n"
2557 if $snapshotted && $param->{delete};
2558
2559 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2560
2561 my $running = PVE::QemuServer::check_running($vmid);
2562
2563 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2564
2565 my $realcmd = sub {
2566
2567 my $newvollist = [];
2568
2569 eval {
2570 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2571
2572 warn "moving disk with snapshots, snapshots will not be moved!\n"
2573 if $snapshotted;
2574
2575 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2576 $vmid, $storeid, $format, 1, $newvollist);
2577
2578 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2579
2580 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
2581
2582 PVE::QemuConfig->write_config($vmid, $conf);
2583
2584 eval {
2585 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2586 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2587 if !$running;
2588 };
2589 warn $@ if $@;
2590 };
2591 if (my $err = $@) {
2592
2593 foreach my $volid (@$newvollist) {
2594 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2595 warn $@ if $@;
2596 }
2597 die "storage migration failed: $err";
2598 }
2599
2600 if ($param->{delete}) {
2601 eval {
2602 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
2603 PVE::Storage::vdisk_free($storecfg, $old_volid);
2604 };
2605 warn $@ if $@;
2606 }
2607 };
2608
2609 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2610 };
2611
2612 return PVE::QemuConfig->lock_config($vmid, $updatefn);
2613 }});
2614
2615 __PACKAGE__->register_method({
2616 name => 'migrate_vm',
2617 path => '{vmid}/migrate',
2618 method => 'POST',
2619 protected => 1,
2620 proxyto => 'node',
2621 description => "Migrate virtual machine. Creates a new migration task.",
2622 permissions => {
2623 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2624 },
2625 parameters => {
2626 additionalProperties => 0,
2627 properties => {
2628 node => get_standard_option('pve-node'),
2629 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2630 target => get_standard_option('pve-node', {
2631 description => "Target node.",
2632 completion => \&PVE::Cluster::complete_migration_target,
2633 }),
2634 online => {
2635 type => 'boolean',
2636 description => "Use online/live migration.",
2637 optional => 1,
2638 },
2639 force => {
2640 type => 'boolean',
2641 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2642 optional => 1,
2643 },
2644 },
2645 },
2646 returns => {
2647 type => 'string',
2648 description => "the task ID.",
2649 },
2650 code => sub {
2651 my ($param) = @_;
2652
2653 my $rpcenv = PVE::RPCEnvironment::get();
2654
2655 my $authuser = $rpcenv->get_user();
2656
2657 my $target = extract_param($param, 'target');
2658
2659 my $localnode = PVE::INotify::nodename();
2660 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2661
2662 PVE::Cluster::check_cfs_quorum();
2663
2664 PVE::Cluster::check_node_exists($target);
2665
2666 my $targetip = PVE::Cluster::remote_node_ip($target);
2667
2668 my $vmid = extract_param($param, 'vmid');
2669
2670 raise_param_exc({ force => "Only root may use this option." })
2671 if $param->{force} && $authuser ne 'root@pam';
2672
2673 # test if VM exists
2674 my $conf = PVE::QemuConfig->load_config($vmid);
2675
2676 # try to detect errors early
2677
2678 PVE::QemuConfig->check_lock($conf);
2679
2680 if (PVE::QemuServer::check_running($vmid)) {
2681 die "cant migrate running VM without --online\n"
2682 if !$param->{online};
2683 }
2684
2685 my $storecfg = PVE::Storage::config();
2686 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2687
2688 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2689
2690 my $hacmd = sub {
2691 my $upid = shift;
2692
2693 my $service = "vm:$vmid";
2694
2695 my $cmd = ['ha-manager', 'migrate', $service, $target];
2696
2697 print "Executing HA migrate for VM $vmid to node $target\n";
2698
2699 PVE::Tools::run_command($cmd);
2700
2701 return;
2702 };
2703
2704 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2705
2706 } else {
2707
2708 my $realcmd = sub {
2709 my $upid = shift;
2710
2711 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2712 };
2713
2714 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2715 }
2716
2717 }});
2718
2719 __PACKAGE__->register_method({
2720 name => 'monitor',
2721 path => '{vmid}/monitor',
2722 method => 'POST',
2723 protected => 1,
2724 proxyto => 'node',
2725 description => "Execute Qemu monitor commands.",
2726 permissions => {
2727 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2728 },
2729 parameters => {
2730 additionalProperties => 0,
2731 properties => {
2732 node => get_standard_option('pve-node'),
2733 vmid => get_standard_option('pve-vmid'),
2734 command => {
2735 type => 'string',
2736 description => "The monitor command.",
2737 }
2738 },
2739 },
2740 returns => { type => 'string'},
2741 code => sub {
2742 my ($param) = @_;
2743
2744 my $vmid = $param->{vmid};
2745
2746 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
2747
2748 my $res = '';
2749 eval {
2750 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2751 };
2752 $res = "ERROR: $@" if $@;
2753
2754 return $res;
2755 }});
2756
2757 __PACKAGE__->register_method({
2758 name => 'resize_vm',
2759 path => '{vmid}/resize',
2760 method => 'PUT',
2761 protected => 1,
2762 proxyto => 'node',
2763 description => "Extend volume size.",
2764 permissions => {
2765 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2766 },
2767 parameters => {
2768 additionalProperties => 0,
2769 properties => {
2770 node => get_standard_option('pve-node'),
2771 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2772 skiplock => get_standard_option('skiplock'),
2773 disk => {
2774 type => 'string',
2775 description => "The disk you want to resize.",
2776 enum => [PVE::QemuServer::valid_drive_names()],
2777 },
2778 size => {
2779 type => 'string',
2780 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2781 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2782 },
2783 digest => {
2784 type => 'string',
2785 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2786 maxLength => 40,
2787 optional => 1,
2788 },
2789 },
2790 },
2791 returns => { type => 'null'},
2792 code => sub {
2793 my ($param) = @_;
2794
2795 my $rpcenv = PVE::RPCEnvironment::get();
2796
2797 my $authuser = $rpcenv->get_user();
2798
2799 my $node = extract_param($param, 'node');
2800
2801 my $vmid = extract_param($param, 'vmid');
2802
2803 my $digest = extract_param($param, 'digest');
2804
2805 my $disk = extract_param($param, 'disk');
2806
2807 my $sizestr = extract_param($param, 'size');
2808
2809 my $skiplock = extract_param($param, 'skiplock');
2810 raise_param_exc({ skiplock => "Only root may use this option." })
2811 if $skiplock && $authuser ne 'root@pam';
2812
2813 my $storecfg = PVE::Storage::config();
2814
2815 my $updatefn = sub {
2816
2817 my $conf = PVE::QemuConfig->load_config($vmid);
2818
2819 die "checksum missmatch (file change by other user?)\n"
2820 if $digest && $digest ne $conf->{digest};
2821 PVE::QemuConfig->check_lock($conf) if !$skiplock;
2822
2823 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2824
2825 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2826
2827 my (undef, undef, undef, undef, undef, undef, $format) =
2828 PVE::Storage::parse_volname($storecfg, $drive->{file});
2829
2830 die "can't resize volume: $disk if snapshot exists\n"
2831 if %{$conf->{snapshots}} && $format eq 'qcow2';
2832
2833 my $volid = $drive->{file};
2834
2835 die "disk '$disk' has no associated volume\n" if !$volid;
2836
2837 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2838
2839 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2840
2841 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2842
2843 PVE::Storage::activate_volumes($storecfg, [$volid]);
2844 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2845
2846 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2847 my ($ext, $newsize, $unit) = ($1, $2, $4);
2848 if ($unit) {
2849 if ($unit eq 'K') {
2850 $newsize = $newsize * 1024;
2851 } elsif ($unit eq 'M') {
2852 $newsize = $newsize * 1024 * 1024;
2853 } elsif ($unit eq 'G') {
2854 $newsize = $newsize * 1024 * 1024 * 1024;
2855 } elsif ($unit eq 'T') {
2856 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2857 }
2858 }
2859 $newsize += $size if $ext;
2860 $newsize = int($newsize);
2861
2862 die "unable to skrink disk size\n" if $newsize < $size;
2863
2864 return if $size == $newsize;
2865
2866 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2867
2868 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2869
2870 $drive->{size} = $newsize;
2871 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2872
2873 PVE::QemuConfig->write_config($vmid, $conf);
2874 };
2875
2876 PVE::QemuConfig->lock_config($vmid, $updatefn);
2877 return undef;
2878 }});
2879
2880 __PACKAGE__->register_method({
2881 name => 'snapshot_list',
2882 path => '{vmid}/snapshot',
2883 method => 'GET',
2884 description => "List all snapshots.",
2885 permissions => {
2886 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2887 },
2888 proxyto => 'node',
2889 protected => 1, # qemu pid files are only readable by root
2890 parameters => {
2891 additionalProperties => 0,
2892 properties => {
2893 vmid => get_standard_option('pve-vmid'),
2894 node => get_standard_option('pve-node'),
2895 },
2896 },
2897 returns => {
2898 type => 'array',
2899 items => {
2900 type => "object",
2901 properties => {},
2902 },
2903 links => [ { rel => 'child', href => "{name}" } ],
2904 },
2905 code => sub {
2906 my ($param) = @_;
2907
2908 my $vmid = $param->{vmid};
2909
2910 my $conf = PVE::QemuConfig->load_config($vmid);
2911 my $snaphash = $conf->{snapshots} || {};
2912
2913 my $res = [];
2914
2915 foreach my $name (keys %$snaphash) {
2916 my $d = $snaphash->{$name};
2917 my $item = {
2918 name => $name,
2919 snaptime => $d->{snaptime} || 0,
2920 vmstate => $d->{vmstate} ? 1 : 0,
2921 description => $d->{description} || '',
2922 };
2923 $item->{parent} = $d->{parent} if $d->{parent};
2924 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2925 push @$res, $item;
2926 }
2927
2928 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2929 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2930 $current->{parent} = $conf->{parent} if $conf->{parent};
2931
2932 push @$res, $current;
2933
2934 return $res;
2935 }});
2936
2937 __PACKAGE__->register_method({
2938 name => 'snapshot',
2939 path => '{vmid}/snapshot',
2940 method => 'POST',
2941 protected => 1,
2942 proxyto => 'node',
2943 description => "Snapshot a VM.",
2944 permissions => {
2945 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2946 },
2947 parameters => {
2948 additionalProperties => 0,
2949 properties => {
2950 node => get_standard_option('pve-node'),
2951 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2952 snapname => get_standard_option('pve-snapshot-name'),
2953 vmstate => {
2954 optional => 1,
2955 type => 'boolean',
2956 description => "Save the vmstate",
2957 },
2958 description => {
2959 optional => 1,
2960 type => 'string',
2961 description => "A textual description or comment.",
2962 },
2963 },
2964 },
2965 returns => {
2966 type => 'string',
2967 description => "the task ID.",
2968 },
2969 code => sub {
2970 my ($param) = @_;
2971
2972 my $rpcenv = PVE::RPCEnvironment::get();
2973
2974 my $authuser = $rpcenv->get_user();
2975
2976 my $node = extract_param($param, 'node');
2977
2978 my $vmid = extract_param($param, 'vmid');
2979
2980 my $snapname = extract_param($param, 'snapname');
2981
2982 die "unable to use snapshot name 'current' (reserved name)\n"
2983 if $snapname eq 'current';
2984
2985 my $realcmd = sub {
2986 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2987 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
2988 $param->{description});
2989 };
2990
2991 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2992 }});
2993
2994 __PACKAGE__->register_method({
2995 name => 'snapshot_cmd_idx',
2996 path => '{vmid}/snapshot/{snapname}',
2997 description => '',
2998 method => 'GET',
2999 permissions => {
3000 user => 'all',
3001 },
3002 parameters => {
3003 additionalProperties => 0,
3004 properties => {
3005 vmid => get_standard_option('pve-vmid'),
3006 node => get_standard_option('pve-node'),
3007 snapname => get_standard_option('pve-snapshot-name'),
3008 },
3009 },
3010 returns => {
3011 type => 'array',
3012 items => {
3013 type => "object",
3014 properties => {},
3015 },
3016 links => [ { rel => 'child', href => "{cmd}" } ],
3017 },
3018 code => sub {
3019 my ($param) = @_;
3020
3021 my $res = [];
3022
3023 push @$res, { cmd => 'rollback' };
3024 push @$res, { cmd => 'config' };
3025
3026 return $res;
3027 }});
3028
3029 __PACKAGE__->register_method({
3030 name => 'update_snapshot_config',
3031 path => '{vmid}/snapshot/{snapname}/config',
3032 method => 'PUT',
3033 protected => 1,
3034 proxyto => 'node',
3035 description => "Update snapshot metadata.",
3036 permissions => {
3037 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3038 },
3039 parameters => {
3040 additionalProperties => 0,
3041 properties => {
3042 node => get_standard_option('pve-node'),
3043 vmid => get_standard_option('pve-vmid'),
3044 snapname => get_standard_option('pve-snapshot-name'),
3045 description => {
3046 optional => 1,
3047 type => 'string',
3048 description => "A textual description or comment.",
3049 },
3050 },
3051 },
3052 returns => { type => 'null' },
3053 code => sub {
3054 my ($param) = @_;
3055
3056 my $rpcenv = PVE::RPCEnvironment::get();
3057
3058 my $authuser = $rpcenv->get_user();
3059
3060 my $vmid = extract_param($param, 'vmid');
3061
3062 my $snapname = extract_param($param, 'snapname');
3063
3064 return undef if !defined($param->{description});
3065
3066 my $updatefn = sub {
3067
3068 my $conf = PVE::QemuConfig->load_config($vmid);
3069
3070 PVE::QemuConfig->check_lock($conf);
3071
3072 my $snap = $conf->{snapshots}->{$snapname};
3073
3074 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3075
3076 $snap->{description} = $param->{description} if defined($param->{description});
3077
3078 PVE::QemuConfig->write_config($vmid, $conf);
3079 };
3080
3081 PVE::QemuConfig->lock_config($vmid, $updatefn);
3082
3083 return undef;
3084 }});
3085
3086 __PACKAGE__->register_method({
3087 name => 'get_snapshot_config',
3088 path => '{vmid}/snapshot/{snapname}/config',
3089 method => 'GET',
3090 proxyto => 'node',
3091 description => "Get snapshot configuration",
3092 permissions => {
3093 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3094 },
3095 parameters => {
3096 additionalProperties => 0,
3097 properties => {
3098 node => get_standard_option('pve-node'),
3099 vmid => get_standard_option('pve-vmid'),
3100 snapname => get_standard_option('pve-snapshot-name'),
3101 },
3102 },
3103 returns => { type => "object" },
3104 code => sub {
3105 my ($param) = @_;
3106
3107 my $rpcenv = PVE::RPCEnvironment::get();
3108
3109 my $authuser = $rpcenv->get_user();
3110
3111 my $vmid = extract_param($param, 'vmid');
3112
3113 my $snapname = extract_param($param, 'snapname');
3114
3115 my $conf = PVE::QemuConfig->load_config($vmid);
3116
3117 my $snap = $conf->{snapshots}->{$snapname};
3118
3119 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3120
3121 return $snap;
3122 }});
3123
3124 __PACKAGE__->register_method({
3125 name => 'rollback',
3126 path => '{vmid}/snapshot/{snapname}/rollback',
3127 method => 'POST',
3128 protected => 1,
3129 proxyto => 'node',
3130 description => "Rollback VM state to specified snapshot.",
3131 permissions => {
3132 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3133 },
3134 parameters => {
3135 additionalProperties => 0,
3136 properties => {
3137 node => get_standard_option('pve-node'),
3138 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3139 snapname => get_standard_option('pve-snapshot-name'),
3140 },
3141 },
3142 returns => {
3143 type => 'string',
3144 description => "the task ID.",
3145 },
3146 code => sub {
3147 my ($param) = @_;
3148
3149 my $rpcenv = PVE::RPCEnvironment::get();
3150
3151 my $authuser = $rpcenv->get_user();
3152
3153 my $node = extract_param($param, 'node');
3154
3155 my $vmid = extract_param($param, 'vmid');
3156
3157 my $snapname = extract_param($param, 'snapname');
3158
3159 my $realcmd = sub {
3160 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3161 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
3162 };
3163
3164 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3165 }});
3166
3167 __PACKAGE__->register_method({
3168 name => 'delsnapshot',
3169 path => '{vmid}/snapshot/{snapname}',
3170 method => 'DELETE',
3171 protected => 1,
3172 proxyto => 'node',
3173 description => "Delete a VM snapshot.",
3174 permissions => {
3175 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3176 },
3177 parameters => {
3178 additionalProperties => 0,
3179 properties => {
3180 node => get_standard_option('pve-node'),
3181 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3182 snapname => get_standard_option('pve-snapshot-name'),
3183 force => {
3184 optional => 1,
3185 type => 'boolean',
3186 description => "For removal from config file, even if removing disk snapshots fails.",
3187 },
3188 },
3189 },
3190 returns => {
3191 type => 'string',
3192 description => "the task ID.",
3193 },
3194 code => sub {
3195 my ($param) = @_;
3196
3197 my $rpcenv = PVE::RPCEnvironment::get();
3198
3199 my $authuser = $rpcenv->get_user();
3200
3201 my $node = extract_param($param, 'node');
3202
3203 my $vmid = extract_param($param, 'vmid');
3204
3205 my $snapname = extract_param($param, 'snapname');
3206
3207 my $realcmd = sub {
3208 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3209 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
3210 };
3211
3212 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3213 }});
3214
3215 __PACKAGE__->register_method({
3216 name => 'template',
3217 path => '{vmid}/template',
3218 method => 'POST',
3219 protected => 1,
3220 proxyto => 'node',
3221 description => "Create a Template.",
3222 permissions => {
3223 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3224 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3225 },
3226 parameters => {
3227 additionalProperties => 0,
3228 properties => {
3229 node => get_standard_option('pve-node'),
3230 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3231 disk => {
3232 optional => 1,
3233 type => 'string',
3234 description => "If you want to convert only 1 disk to base image.",
3235 enum => [PVE::QemuServer::valid_drive_names()],
3236 },
3237
3238 },
3239 },
3240 returns => { type => 'null'},
3241 code => sub {
3242 my ($param) = @_;
3243
3244 my $rpcenv = PVE::RPCEnvironment::get();
3245
3246 my $authuser = $rpcenv->get_user();
3247
3248 my $node = extract_param($param, 'node');
3249
3250 my $vmid = extract_param($param, 'vmid');
3251
3252 my $disk = extract_param($param, 'disk');
3253
3254 my $updatefn = sub {
3255
3256 my $conf = PVE::QemuConfig->load_config($vmid);
3257
3258 PVE::QemuConfig->check_lock($conf);
3259
3260 die "unable to create template, because VM contains snapshots\n"
3261 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3262
3263 die "you can't convert a template to a template\n"
3264 if PVE::QemuConfig->is_template($conf) && !$disk;
3265
3266 die "you can't convert a VM to template if VM is running\n"
3267 if PVE::QemuServer::check_running($vmid);
3268
3269 my $realcmd = sub {
3270 PVE::QemuServer::template_create($vmid, $conf, $disk);
3271 };
3272
3273 $conf->{template} = 1;
3274 PVE::QemuConfig->write_config($vmid, $conf);
3275
3276 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3277 };
3278
3279 PVE::QemuConfig->lock_config($vmid, $updatefn);
3280 return undef;
3281 }});
3282
3283 1;
Virtual Machine Manager