]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:


6ddedd2b1d16f438d3e2aa1ff4b95ef35e4ca28f
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use POSIX;
8 use IO::Socket::IP;
9 use URI::Escape;
10
11 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
12 use PVE::RRD;
13 use PVE::SafeSyslog;
14 use PVE::Tools qw(extract_param);
15 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
16 use PVE::Storage;
17 use PVE::JSONSchema qw(get_standard_option);
18 use PVE::RESTHandler;
19 use PVE::ReplicationConfig;
20 use PVE::GuestHelpers;
21 use PVE::QemuConfig;
22 use PVE::QemuServer;
23 use PVE::QemuServer::Monitor qw(mon_cmd);
24 use PVE::QemuMigrate;
25 use PVE::RPCEnvironment;
26 use PVE::AccessControl;
27 use PVE::INotify;
28 use PVE::Network;
29 use PVE::Firewall;
30 use PVE::API2::Firewall::VM;
31 use PVE::API2::Qemu::Agent;
32 use PVE::VZDump::Plugin;
33 use PVE::DataCenterConfig;
34 use PVE::SSHInfo;
35
36 BEGIN {
37 if (!$ENV{PVE_GENERATING_DOCS}) {
38 require PVE::HA::Env::PVE2;
39 import PVE::HA::Env::PVE2;
40 require PVE::HA::Config;
41 import PVE::HA::Config;
42 }
43 }
44
45 use Data::Dumper; # fixme: remove
46
47 use base qw(PVE::RESTHandler);
48
49 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
50
51 my $resolve_cdrom_alias = sub {
52 my $param = shift;
53
54 if (my $value = $param->{cdrom}) {
55 $value .= ",media=cdrom" if $value !~ m/media=/;
56 $param->{ide2} = $value;
57 delete $param->{cdrom};
58 }
59 };
60
61 my $NEW_DISK_RE = qr!^(([^/:\s]+):)?(\d+(\.\d+)?)$!;
62 my $check_storage_access = sub {
63 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
64
65 PVE::QemuServer::foreach_drive($settings, sub {
66 my ($ds, $drive) = @_;
67
68 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
69
70 my $volid = $drive->{file};
71 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
72
73 if (!$volid || ($volid eq 'none' || $volid eq 'cloudinit' || (defined($volname) && $volname eq 'cloudinit'))) {
74 # nothing to check
75 } elsif ($isCDROM && ($volid eq 'cdrom')) {
76 $rpcenv->check($authuser, "/", ['Sys.Console']);
77 } elsif (!$isCDROM && ($volid =~ $NEW_DISK_RE)) {
78 my ($storeid, $size) = ($2 || $default_storage, $3);
79 die "no storage ID specified (and no default storage)\n" if !$storeid;
80 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
81 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
82 raise_param_exc({ storage => "storage '$storeid' does not support vm images"})
83 if !$scfg->{content}->{images};
84 } else {
85 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
86 }
87 });
88
89 $rpcenv->check($authuser, "/storage/$settings->{vmstatestorage}", ['Datastore.AllocateSpace'])
90 if defined($settings->{vmstatestorage});
91 };
92
93 my $check_storage_access_clone = sub {
94 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
95
96 my $sharedvm = 1;
97
98 PVE::QemuServer::foreach_drive($conf, sub {
99 my ($ds, $drive) = @_;
100
101 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
102
103 my $volid = $drive->{file};
104
105 return if !$volid || $volid eq 'none';
106
107 if ($isCDROM) {
108 if ($volid eq 'cdrom') {
109 $rpcenv->check($authuser, "/", ['Sys.Console']);
110 } else {
111 # we simply allow access
112 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
113 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
114 $sharedvm = 0 if !$scfg->{shared};
115
116 }
117 } else {
118 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
119 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
120 $sharedvm = 0 if !$scfg->{shared};
121
122 $sid = $storage if $storage;
123 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
124 }
125 });
126
127 $rpcenv->check($authuser, "/storage/$conf->{vmstatestorage}", ['Datastore.AllocateSpace'])
128 if defined($conf->{vmstatestorage});
129
130 return $sharedvm;
131 };
132
133 # Note: $pool is only needed when creating a VM, because pool permissions
134 # are automatically inherited if VM already exists inside a pool.
135 my $create_disks = sub {
136 my ($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
137
138 my $vollist = [];
139
140 my $res = {};
141
142 my $code = sub {
143 my ($ds, $disk) = @_;
144
145 my $volid = $disk->{file};
146 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
147
148 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
149 delete $disk->{size};
150 $res->{$ds} = PVE::QemuServer::print_drive($disk);
151 } elsif (defined($volname) && $volname eq 'cloudinit') {
152 $storeid = $storeid // $default_storage;
153 die "no storage ID specified (and no default storage)\n" if !$storeid;
154 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
155 my $name = "vm-$vmid-cloudinit";
156
157 my $fmt = undef;
158 if ($scfg->{path}) {
159 $fmt = $disk->{format} // "qcow2";
160 $name .= ".$fmt";
161 } else {
162 $fmt = $disk->{format} // "raw";
163 }
164
165 # Initial disk created with 4 MB and aligned to 4MB on regeneration
166 my $ci_size = PVE::QemuServer::Cloudinit::CLOUDINIT_DISK_SIZE;
167 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, $name, $ci_size/1024);
168 $disk->{file} = $volid;
169 $disk->{media} = 'cdrom';
170 push @$vollist, $volid;
171 delete $disk->{format}; # no longer needed
172 $res->{$ds} = PVE::QemuServer::print_drive($disk);
173 } elsif ($volid =~ $NEW_DISK_RE) {
174 my ($storeid, $size) = ($2 || $default_storage, $3);
175 die "no storage ID specified (and no default storage)\n" if !$storeid;
176 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
177 my $fmt = $disk->{format} || $defformat;
178
179 $size = PVE::Tools::convert_size($size, 'gb' => 'kb'); # vdisk_alloc uses kb
180
181 my $volid;
182 if ($ds eq 'efidisk0') {
183 ($volid, $size) = PVE::QemuServer::create_efidisk($storecfg, $storeid, $vmid, $fmt, $arch);
184 } else {
185 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, undef, $size);
186 }
187 push @$vollist, $volid;
188 $disk->{file} = $volid;
189 $disk->{size} = PVE::Tools::convert_size($size, 'kb' => 'b');
190 delete $disk->{format}; # no longer needed
191 $res->{$ds} = PVE::QemuServer::print_drive($disk);
192 } else {
193
194 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
195
196 my $volid_is_new = 1;
197
198 if ($conf->{$ds}) {
199 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
200 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
201 }
202
203 if ($volid_is_new) {
204
205 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
206
207 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
208
209 die "volume $volid does not exist\n" if !$size;
210
211 $disk->{size} = $size;
212 }
213
214 $res->{$ds} = PVE::QemuServer::print_drive($disk);
215 }
216 };
217
218 eval { PVE::QemuServer::foreach_drive($settings, $code); };
219
220 # free allocated images on error
221 if (my $err = $@) {
222 syslog('err', "VM $vmid creating disks failed");
223 foreach my $volid (@$vollist) {
224 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
225 warn $@ if $@;
226 }
227 die $err;
228 }
229
230 # modify vm config if everything went well
231 foreach my $ds (keys %$res) {
232 $conf->{$ds} = $res->{$ds};
233 }
234
235 return $vollist;
236 };
237
238 my $cpuoptions = {
239 'cores' => 1,
240 'cpu' => 1,
241 'cpulimit' => 1,
242 'cpuunits' => 1,
243 'numa' => 1,
244 'smp' => 1,
245 'sockets' => 1,
246 'vcpus' => 1,
247 };
248
249 my $memoryoptions = {
250 'memory' => 1,
251 'balloon' => 1,
252 'shares' => 1,
253 };
254
255 my $hwtypeoptions = {
256 'acpi' => 1,
257 'hotplug' => 1,
258 'kvm' => 1,
259 'machine' => 1,
260 'scsihw' => 1,
261 'smbios1' => 1,
262 'tablet' => 1,
263 'vga' => 1,
264 'watchdog' => 1,
265 'audio0' => 1,
266 };
267
268 my $generaloptions = {
269 'agent' => 1,
270 'autostart' => 1,
271 'bios' => 1,
272 'description' => 1,
273 'keyboard' => 1,
274 'localtime' => 1,
275 'migrate_downtime' => 1,
276 'migrate_speed' => 1,
277 'name' => 1,
278 'onboot' => 1,
279 'ostype' => 1,
280 'protection' => 1,
281 'reboot' => 1,
282 'startdate' => 1,
283 'startup' => 1,
284 'tdf' => 1,
285 'template' => 1,
286 'tags' => 1,
287 };
288
289 my $vmpoweroptions = {
290 'freeze' => 1,
291 };
292
293 my $diskoptions = {
294 'boot' => 1,
295 'bootdisk' => 1,
296 'vmstatestorage' => 1,
297 };
298
299 my $cloudinitoptions = {
300 cicustom => 1,
301 cipassword => 1,
302 citype => 1,
303 ciuser => 1,
304 nameserver => 1,
305 searchdomain => 1,
306 sshkeys => 1,
307 };
308
309 my $check_vm_modify_config_perm = sub {
310 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
311
312 return 1 if $authuser eq 'root@pam';
313
314 foreach my $opt (@$key_list) {
315 # some checks (e.g., disk, serial port, usb) need to be done somewhere
316 # else, as there the permission can be value dependend
317 next if PVE::QemuServer::is_valid_drivename($opt);
318 next if $opt eq 'cdrom';
319 next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
320
321
322 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
323 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
324 } elsif ($memoryoptions->{$opt}) {
325 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
326 } elsif ($hwtypeoptions->{$opt}) {
327 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
328 } elsif ($generaloptions->{$opt}) {
329 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
330 # special case for startup since it changes host behaviour
331 if ($opt eq 'startup') {
332 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
333 }
334 } elsif ($vmpoweroptions->{$opt}) {
335 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
336 } elsif ($diskoptions->{$opt}) {
337 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
338 } elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
339 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
340 } elsif ($opt eq 'vmstate') {
341 # the user needs Disk and PowerMgmt privileges to change the vmstate
342 # also needs privileges on the storage, that will be checked later
343 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
344 } else {
345 # catches hostpci\d+, args, lock, etc.
346 # new options will be checked here
347 die "only root can set '$opt' config\n";
348 }
349 }
350
351 return 1;
352 };
353
354 __PACKAGE__->register_method({
355 name => 'vmlist',
356 path => '',
357 method => 'GET',
358 description => "Virtual machine index (per node).",
359 permissions => {
360 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
361 user => 'all',
362 },
363 proxyto => 'node',
364 protected => 1, # qemu pid files are only readable by root
365 parameters => {
366 additionalProperties => 0,
367 properties => {
368 node => get_standard_option('pve-node'),
369 full => {
370 type => 'boolean',
371 optional => 1,
372 description => "Determine the full status of active VMs.",
373 },
374 },
375 },
376 returns => {
377 type => 'array',
378 items => {
379 type => "object",
380 properties => $PVE::QemuServer::vmstatus_return_properties,
381 },
382 links => [ { rel => 'child', href => "{vmid}" } ],
383 },
384 code => sub {
385 my ($param) = @_;
386
387 my $rpcenv = PVE::RPCEnvironment::get();
388 my $authuser = $rpcenv->get_user();
389
390 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
391
392 my $res = [];
393 foreach my $vmid (keys %$vmstatus) {
394 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
395
396 my $data = $vmstatus->{$vmid};
397 push @$res, $data;
398 }
399
400 return $res;
401 }});
402
403
404
405 __PACKAGE__->register_method({
406 name => 'create_vm',
407 path => '',
408 method => 'POST',
409 description => "Create or restore a virtual machine.",
410 permissions => {
411 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
412 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
413 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
414 user => 'all', # check inside
415 },
416 protected => 1,
417 proxyto => 'node',
418 parameters => {
419 additionalProperties => 0,
420 properties => PVE::QemuServer::json_config_properties(
421 {
422 node => get_standard_option('pve-node'),
423 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
424 archive => {
425 description => "The backup file.",
426 type => 'string',
427 optional => 1,
428 maxLength => 255,
429 completion => \&PVE::QemuServer::complete_backup_archives,
430 },
431 storage => get_standard_option('pve-storage-id', {
432 description => "Default storage.",
433 optional => 1,
434 completion => \&PVE::QemuServer::complete_storage,
435 }),
436 force => {
437 optional => 1,
438 type => 'boolean',
439 description => "Allow to overwrite existing VM.",
440 requires => 'archive',
441 },
442 unique => {
443 optional => 1,
444 type => 'boolean',
445 description => "Assign a unique random ethernet address.",
446 requires => 'archive',
447 },
448 pool => {
449 optional => 1,
450 type => 'string', format => 'pve-poolid',
451 description => "Add the VM to the specified pool.",
452 },
453 bwlimit => {
454 description => "Override I/O bandwidth limit (in KiB/s).",
455 optional => 1,
456 type => 'integer',
457 minimum => '0',
458 default => 'restore limit from datacenter or storage config',
459 },
460 start => {
461 optional => 1,
462 type => 'boolean',
463 default => 0,
464 description => "Start VM after it was created successfully.",
465 },
466 }),
467 },
468 returns => {
469 type => 'string',
470 },
471 code => sub {
472 my ($param) = @_;
473
474 my $rpcenv = PVE::RPCEnvironment::get();
475 my $authuser = $rpcenv->get_user();
476
477 my $node = extract_param($param, 'node');
478 my $vmid = extract_param($param, 'vmid');
479
480 my $archive = extract_param($param, 'archive');
481 my $is_restore = !!$archive;
482
483 my $bwlimit = extract_param($param, 'bwlimit');
484 my $force = extract_param($param, 'force');
485 my $pool = extract_param($param, 'pool');
486 my $start_after_create = extract_param($param, 'start');
487 my $storage = extract_param($param, 'storage');
488 my $unique = extract_param($param, 'unique');
489
490 if (defined(my $ssh_keys = $param->{sshkeys})) {
491 $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
492 PVE::Tools::validate_ssh_public_keys($ssh_keys);
493 }
494
495 PVE::Cluster::check_cfs_quorum();
496
497 my $filename = PVE::QemuConfig->config_file($vmid);
498 my $storecfg = PVE::Storage::config();
499
500 if (defined($pool)) {
501 $rpcenv->check_pool_exist($pool);
502 }
503
504 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
505 if defined($storage);
506
507 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
508 # OK
509 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
510 # OK
511 } elsif ($archive && $force && (-f $filename) &&
512 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
513 # OK: user has VM.Backup permissions, and want to restore an existing VM
514 } else {
515 raise_perm_exc();
516 }
517
518 if (!$archive) {
519 &$resolve_cdrom_alias($param);
520
521 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
522
523 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
524
525 foreach my $opt (keys %$param) {
526 if (PVE::QemuServer::is_valid_drivename($opt)) {
527 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
528 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
529
530 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
531 $param->{$opt} = PVE::QemuServer::print_drive($drive);
532 }
533 }
534
535 PVE::QemuServer::add_random_macs($param);
536 } else {
537 my $keystr = join(' ', keys %$param);
538 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
539
540 if ($archive eq '-') {
541 die "pipe requires cli environment\n"
542 if $rpcenv->{type} ne 'cli';
543 } else {
544 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
545 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
546 }
547 }
548
549 my $emsg = $is_restore ? "unable to restore VM $vmid -" : "unable to create VM $vmid -";
550
551 eval { PVE::QemuConfig->create_and_lock_config($vmid, $force) };
552 die "$emsg $@" if $@;
553
554 my $restorefn = sub {
555 my $conf = PVE::QemuConfig->load_config($vmid);
556
557 PVE::QemuConfig->check_protection($conf, $emsg);
558
559 die "$emsg vm is running\n" if PVE::QemuServer::check_running($vmid);
560
561 my $realcmd = sub {
562 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
563 storage => $storage,
564 pool => $pool,
565 unique => $unique,
566 bwlimit => $bwlimit,
567 });
568 my $restored_conf = PVE::QemuConfig->load_config($vmid);
569 # Convert restored VM to template if backup was VM template
570 if (PVE::QemuConfig->is_template($restored_conf)) {
571 warn "Convert to template.\n";
572 eval { PVE::QemuServer::template_create($vmid, $restored_conf) };
573 warn $@ if $@;
574 }
575
576 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
577 };
578
579 # ensure no old replication state are exists
580 PVE::ReplicationState::delete_guest_states($vmid);
581
582 PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
583
584 if ($start_after_create) {
585 print "Execute autostart\n";
586 eval { PVE::API2::Qemu->vm_start({ vmid => $vmid, node => $node }) };
587 warn $@ if $@;
588 }
589 };
590
591 my $createfn = sub {
592 # ensure no old replication state are exists
593 PVE::ReplicationState::delete_guest_states($vmid);
594
595 my $realcmd = sub {
596 my $conf = $param;
597 my $arch = PVE::QemuServer::get_vm_arch($conf);
598
599 my $vollist = [];
600 eval {
601 $vollist = &$create_disks($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $param, $storage);
602
603 if (!$conf->{bootdisk}) {
604 my $firstdisk = PVE::QemuServer::resolve_first_disk($conf);
605 $conf->{bootdisk} = $firstdisk if $firstdisk;
606 }
607
608 # auto generate uuid if user did not specify smbios1 option
609 if (!$conf->{smbios1}) {
610 $conf->{smbios1} = PVE::QemuServer::generate_smbios1_uuid();
611 }
612
613 if ((!defined($conf->{vmgenid}) || $conf->{vmgenid} eq '1') && $arch ne 'aarch64') {
614 $conf->{vmgenid} = PVE::QemuServer::generate_uuid();
615 }
616
617 PVE::QemuConfig->write_config($vmid, $conf);
618
619 };
620 my $err = $@;
621
622 if ($err) {
623 foreach my $volid (@$vollist) {
624 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
625 warn $@ if $@;
626 }
627 die "$emsg $err";
628 }
629
630 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
631 };
632
633 PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
634
635 if ($start_after_create) {
636 print "Execute autostart\n";
637 eval { PVE::API2::Qemu->vm_start({vmid => $vmid, node => $node}) };
638 warn $@ if $@;
639 }
640 };
641
642 my ($code, $worker_name);
643 if ($is_restore) {
644 $worker_name = 'qmrestore';
645 $code = sub {
646 eval { $restorefn->() };
647 if (my $err = $@) {
648 eval { PVE::QemuConfig->remove_lock($vmid, 'create') };
649 warn $@ if $@;
650 die $err;
651 }
652 };
653 } else {
654 $worker_name = 'qmcreate';
655 $code = sub {
656 eval { $createfn->() };
657 if (my $err = $@) {
658 eval {
659 my $conffile = PVE::QemuConfig->config_file($vmid);
660 unlink($conffile) or die "failed to remove config file: $!\n";
661 };
662 warn $@ if $@;
663 die $err;
664 }
665 };
666 }
667
668 return $rpcenv->fork_worker($worker_name, $vmid, $authuser, $code);
669 }});
670
671 __PACKAGE__->register_method({
672 name => 'vmdiridx',
673 path => '{vmid}',
674 method => 'GET',
675 proxyto => 'node',
676 description => "Directory index",
677 permissions => {
678 user => 'all',
679 },
680 parameters => {
681 additionalProperties => 0,
682 properties => {
683 node => get_standard_option('pve-node'),
684 vmid => get_standard_option('pve-vmid'),
685 },
686 },
687 returns => {
688 type => 'array',
689 items => {
690 type => "object",
691 properties => {
692 subdir => { type => 'string' },
693 },
694 },
695 links => [ { rel => 'child', href => "{subdir}" } ],
696 },
697 code => sub {
698 my ($param) = @_;
699
700 my $res = [
701 { subdir => 'config' },
702 { subdir => 'pending' },
703 { subdir => 'status' },
704 { subdir => 'unlink' },
705 { subdir => 'vncproxy' },
706 { subdir => 'termproxy' },
707 { subdir => 'migrate' },
708 { subdir => 'resize' },
709 { subdir => 'move' },
710 { subdir => 'rrd' },
711 { subdir => 'rrddata' },
712 { subdir => 'monitor' },
713 { subdir => 'agent' },
714 { subdir => 'snapshot' },
715 { subdir => 'spiceproxy' },
716 { subdir => 'sendkey' },
717 { subdir => 'firewall' },
718 ];
719
720 return $res;
721 }});
722
723 __PACKAGE__->register_method ({
724 subclass => "PVE::API2::Firewall::VM",
725 path => '{vmid}/firewall',
726 });
727
728 __PACKAGE__->register_method ({
729 subclass => "PVE::API2::Qemu::Agent",
730 path => '{vmid}/agent',
731 });
732
733 __PACKAGE__->register_method({
734 name => 'rrd',
735 path => '{vmid}/rrd',
736 method => 'GET',
737 protected => 1, # fixme: can we avoid that?
738 permissions => {
739 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
740 },
741 description => "Read VM RRD statistics (returns PNG)",
742 parameters => {
743 additionalProperties => 0,
744 properties => {
745 node => get_standard_option('pve-node'),
746 vmid => get_standard_option('pve-vmid'),
747 timeframe => {
748 description => "Specify the time frame you are interested in.",
749 type => 'string',
750 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
751 },
752 ds => {
753 description => "The list of datasources you want to display.",
754 type => 'string', format => 'pve-configid-list',
755 },
756 cf => {
757 description => "The RRD consolidation function",
758 type => 'string',
759 enum => [ 'AVERAGE', 'MAX' ],
760 optional => 1,
761 },
762 },
763 },
764 returns => {
765 type => "object",
766 properties => {
767 filename => { type => 'string' },
768 },
769 },
770 code => sub {
771 my ($param) = @_;
772
773 return PVE::RRD::create_rrd_graph(
774 "pve2-vm/$param->{vmid}", $param->{timeframe},
775 $param->{ds}, $param->{cf});
776
777 }});
778
779 __PACKAGE__->register_method({
780 name => 'rrddata',
781 path => '{vmid}/rrddata',
782 method => 'GET',
783 protected => 1, # fixme: can we avoid that?
784 permissions => {
785 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
786 },
787 description => "Read VM RRD statistics",
788 parameters => {
789 additionalProperties => 0,
790 properties => {
791 node => get_standard_option('pve-node'),
792 vmid => get_standard_option('pve-vmid'),
793 timeframe => {
794 description => "Specify the time frame you are interested in.",
795 type => 'string',
796 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
797 },
798 cf => {
799 description => "The RRD consolidation function",
800 type => 'string',
801 enum => [ 'AVERAGE', 'MAX' ],
802 optional => 1,
803 },
804 },
805 },
806 returns => {
807 type => "array",
808 items => {
809 type => "object",
810 properties => {},
811 },
812 },
813 code => sub {
814 my ($param) = @_;
815
816 return PVE::RRD::create_rrd_data(
817 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
818 }});
819
820
821 __PACKAGE__->register_method({
822 name => 'vm_config',
823 path => '{vmid}/config',
824 method => 'GET',
825 proxyto => 'node',
826 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
827 permissions => {
828 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
829 },
830 parameters => {
831 additionalProperties => 0,
832 properties => {
833 node => get_standard_option('pve-node'),
834 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
835 current => {
836 description => "Get current values (instead of pending values).",
837 optional => 1,
838 default => 0,
839 type => 'boolean',
840 },
841 snapshot => get_standard_option('pve-snapshot-name', {
842 description => "Fetch config values from given snapshot.",
843 optional => 1,
844 completion => sub {
845 my ($cmd, $pname, $cur, $args) = @_;
846 PVE::QemuConfig->snapshot_list($args->[0]);
847 },
848 }),
849 },
850 },
851 returns => {
852 description => "The current VM configuration.",
853 type => "object",
854 properties => PVE::QemuServer::json_config_properties({
855 digest => {
856 type => 'string',
857 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
858 }
859 }),
860 },
861 code => sub {
862 my ($param) = @_;
863
864 raise_param_exc({ snapshot => "cannot use 'snapshot' parameter with 'current'",
865 current => "cannot use 'snapshot' parameter with 'current'"})
866 if ($param->{snapshot} && $param->{current});
867
868 my $conf;
869 if ($param->{snapshot}) {
870 $conf = PVE::QemuConfig->load_snapshot_config($param->{vmid}, $param->{snapshot});
871 } else {
872 $conf = PVE::QemuConfig->load_current_config($param->{vmid}, $param->{current});
873 }
874 $conf->{cipassword} = '**********' if $conf->{cipassword};
875 return $conf;
876
877 }});
878
879 __PACKAGE__->register_method({
880 name => 'vm_pending',
881 path => '{vmid}/pending',
882 method => 'GET',
883 proxyto => 'node',
884 description => "Get virtual machine configuration, including pending changes.",
885 permissions => {
886 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
887 },
888 parameters => {
889 additionalProperties => 0,
890 properties => {
891 node => get_standard_option('pve-node'),
892 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
893 },
894 },
895 returns => {
896 type => "array",
897 items => {
898 type => "object",
899 properties => {
900 key => {
901 description => "Configuration option name.",
902 type => 'string',
903 },
904 value => {
905 description => "Current value.",
906 type => 'string',
907 optional => 1,
908 },
909 pending => {
910 description => "Pending value.",
911 type => 'string',
912 optional => 1,
913 },
914 delete => {
915 description => "Indicates a pending delete request if present and not 0. " .
916 "The value 2 indicates a force-delete request.",
917 type => 'integer',
918 minimum => 0,
919 maximum => 2,
920 optional => 1,
921 },
922 },
923 },
924 },
925 code => sub {
926 my ($param) = @_;
927
928 my $conf = PVE::QemuConfig->load_config($param->{vmid});
929
930 my $pending_delete_hash = PVE::QemuConfig->parse_pending_delete($conf->{pending}->{delete});
931
932 $conf->{cipassword} = '**********' if defined($conf->{cipassword});
933 $conf->{pending}->{cipassword} = '********** ' if defined($conf->{pending}->{cipassword});
934
935 return PVE::GuestHelpers::config_with_pending_array($conf, $pending_delete_hash);
936 }});
937
938 # POST/PUT {vmid}/config implementation
939 #
940 # The original API used PUT (idempotent) an we assumed that all operations
941 # are fast. But it turned out that almost any configuration change can
942 # involve hot-plug actions, or disk alloc/free. Such actions can take long
943 # time to complete and have side effects (not idempotent).
944 #
945 # The new implementation uses POST and forks a worker process. We added
946 # a new option 'background_delay'. If specified we wait up to
947 # 'background_delay' second for the worker task to complete. It returns null
948 # if the task is finished within that time, else we return the UPID.
949
950 my $update_vm_api = sub {
951 my ($param, $sync) = @_;
952
953 my $rpcenv = PVE::RPCEnvironment::get();
954
955 my $authuser = $rpcenv->get_user();
956
957 my $node = extract_param($param, 'node');
958
959 my $vmid = extract_param($param, 'vmid');
960
961 my $digest = extract_param($param, 'digest');
962
963 my $background_delay = extract_param($param, 'background_delay');
964
965 if (defined(my $cipassword = $param->{cipassword})) {
966 # Same logic as in cloud-init (but with the regex fixed...)
967 $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
968 if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
969 }
970
971 my @paramarr = (); # used for log message
972 foreach my $key (sort keys %$param) {
973 my $value = $key eq 'cipassword' ? '<hidden>' : $param->{$key};
974 push @paramarr, "-$key", $value;
975 }
976
977 my $skiplock = extract_param($param, 'skiplock');
978 raise_param_exc({ skiplock => "Only root may use this option." })
979 if $skiplock && $authuser ne 'root@pam';
980
981 my $delete_str = extract_param($param, 'delete');
982
983 my $revert_str = extract_param($param, 'revert');
984
985 my $force = extract_param($param, 'force');
986
987 if (defined(my $ssh_keys = $param->{sshkeys})) {
988 $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
989 PVE::Tools::validate_ssh_public_keys($ssh_keys);
990 }
991
992 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
993
994 my $storecfg = PVE::Storage::config();
995
996 my $defaults = PVE::QemuServer::load_defaults();
997
998 &$resolve_cdrom_alias($param);
999
1000 # now try to verify all parameters
1001
1002 my $revert = {};
1003 foreach my $opt (PVE::Tools::split_list($revert_str)) {
1004 if (!PVE::QemuServer::option_exists($opt)) {
1005 raise_param_exc({ revert => "unknown option '$opt'" });
1006 }
1007
1008 raise_param_exc({ delete => "you can't use '-$opt' and " .
1009 "-revert $opt' at the same time" })
1010 if defined($param->{$opt});
1011
1012 $revert->{$opt} = 1;
1013 }
1014
1015 my @delete = ();
1016 foreach my $opt (PVE::Tools::split_list($delete_str)) {
1017 $opt = 'ide2' if $opt eq 'cdrom';
1018
1019 raise_param_exc({ delete => "you can't use '-$opt' and " .
1020 "-delete $opt' at the same time" })
1021 if defined($param->{$opt});
1022
1023 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
1024 "-revert $opt' at the same time" })
1025 if $revert->{$opt};
1026
1027 if (!PVE::QemuServer::option_exists($opt)) {
1028 raise_param_exc({ delete => "unknown option '$opt'" });
1029 }
1030
1031 push @delete, $opt;
1032 }
1033
1034 my $repl_conf = PVE::ReplicationConfig->new();
1035 my $is_replicated = $repl_conf->check_for_existing_jobs($vmid, 1);
1036 my $check_replication = sub {
1037 my ($drive) = @_;
1038 return if !$is_replicated;
1039 my $volid = $drive->{file};
1040 return if !$volid || !($drive->{replicate}//1);
1041 return if PVE::QemuServer::drive_is_cdrom($drive);
1042
1043 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
1044 return if $volname eq 'cloudinit';
1045
1046 my $format;
1047 if ($volid =~ $NEW_DISK_RE) {
1048 $storeid = $2;
1049 $format = $drive->{format} || PVE::Storage::storage_default_format($storecfg, $storeid);
1050 } else {
1051 $format = (PVE::Storage::parse_volname($storecfg, $volid))[6];
1052 }
1053 return if PVE::Storage::storage_can_replicate($storecfg, $storeid, $format);
1054 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
1055 return if $scfg->{shared};
1056 die "cannot add non-replicatable volume to a replicated VM\n";
1057 };
1058
1059 foreach my $opt (keys %$param) {
1060 if (PVE::QemuServer::is_valid_drivename($opt)) {
1061 # cleanup drive path
1062 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1063 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
1064 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
1065 $check_replication->($drive);
1066 $param->{$opt} = PVE::QemuServer::print_drive($drive);
1067 } elsif ($opt =~ m/^net(\d+)$/) {
1068 # add macaddr
1069 my $net = PVE::QemuServer::parse_net($param->{$opt});
1070 $param->{$opt} = PVE::QemuServer::print_net($net);
1071 } elsif ($opt eq 'vmgenid') {
1072 if ($param->{$opt} eq '1') {
1073 $param->{$opt} = PVE::QemuServer::generate_uuid();
1074 }
1075 } elsif ($opt eq 'hookscript') {
1076 eval { PVE::GuestHelpers::check_hookscript($param->{$opt}, $storecfg); };
1077 raise_param_exc({ $opt => $@ }) if $@;
1078 }
1079 }
1080
1081 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
1082
1083 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
1084
1085 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
1086
1087 my $updatefn = sub {
1088
1089 my $conf = PVE::QemuConfig->load_config($vmid);
1090
1091 die "checksum missmatch (file change by other user?)\n"
1092 if $digest && $digest ne $conf->{digest};
1093
1094 # FIXME: 'suspended' lock should probabyl be a state or "weak" lock?!
1095 if (scalar(@delete) && grep { $_ eq 'vmstate'} @delete) {
1096 if (defined($conf->{lock}) && $conf->{lock} eq 'suspended') {
1097 delete $conf->{lock}; # for check lock check, not written out
1098 push @delete, 'lock'; # this is the real deal to write it out
1099 }
1100 push @delete, 'runningmachine' if $conf->{runningmachine};
1101 }
1102
1103 PVE::QemuConfig->check_lock($conf) if !$skiplock;
1104
1105 foreach my $opt (keys %$revert) {
1106 if (defined($conf->{$opt})) {
1107 $param->{$opt} = $conf->{$opt};
1108 } elsif (defined($conf->{pending}->{$opt})) {
1109 push @delete, $opt;
1110 }
1111 }
1112
1113 if ($param->{memory} || defined($param->{balloon})) {
1114 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
1115 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
1116
1117 die "balloon value too large (must be smaller than assigned memory)\n"
1118 if $balloon && $balloon > $maxmem;
1119 }
1120
1121 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
1122
1123 my $worker = sub {
1124
1125 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
1126
1127 # write updates to pending section
1128
1129 my $modified = {}; # record what $option we modify
1130
1131 foreach my $opt (@delete) {
1132 $modified->{$opt} = 1;
1133 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1134
1135 # value of what we want to delete, independent if pending or not
1136 my $val = $conf->{$opt} // $conf->{pending}->{$opt};
1137 if (!defined($val)) {
1138 warn "cannot delete '$opt' - not set in current configuration!\n";
1139 $modified->{$opt} = 0;
1140 next;
1141 }
1142 my $is_pending_val = defined($conf->{pending}->{$opt});
1143 delete $conf->{pending}->{$opt};
1144
1145 if ($opt =~ m/^unused/) {
1146 my $drive = PVE::QemuServer::parse_drive($opt, $val);
1147 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
1148 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1149 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
1150 delete $conf->{$opt};
1151 PVE::QemuConfig->write_config($vmid, $conf);
1152 }
1153 } elsif ($opt eq 'vmstate') {
1154 PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'");
1155 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) {
1156 delete $conf->{$opt};
1157 PVE::QemuConfig->write_config($vmid, $conf);
1158 }
1159 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1160 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
1161 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1162 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $val))
1163 if $is_pending_val;
1164 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1165 PVE::QemuConfig->write_config($vmid, $conf);
1166 } elsif ($opt =~ m/^serial\d+$/) {
1167 if ($val eq 'socket') {
1168 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1169 } elsif ($authuser ne 'root@pam') {
1170 die "only root can delete '$opt' config for real devices\n";
1171 }
1172 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1173 PVE::QemuConfig->write_config($vmid, $conf);
1174 } elsif ($opt =~ m/^usb\d+$/) {
1175 if ($val =~ m/spice/) {
1176 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1177 } elsif ($authuser ne 'root@pam') {
1178 die "only root can delete '$opt' config for real devices\n";
1179 }
1180 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1181 PVE::QemuConfig->write_config($vmid, $conf);
1182 } else {
1183 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1184 PVE::QemuConfig->write_config($vmid, $conf);
1185 }
1186 }
1187
1188 foreach my $opt (keys %$param) { # add/change
1189 $modified->{$opt} = 1;
1190 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1191 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1192
1193 my $arch = PVE::QemuServer::get_vm_arch($conf);
1194
1195 if (PVE::QemuServer::is_valid_drivename($opt)) {
1196 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1197 # FIXME: cloudinit: CDROM or Disk?
1198 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1199 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1200 } else {
1201 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1202 }
1203 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1204 if defined($conf->{pending}->{$opt});
1205
1206 &$create_disks($rpcenv, $authuser, $conf->{pending}, $arch, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1207 } elsif ($opt =~ m/^serial\d+/) {
1208 if ((!defined($conf->{$opt}) || $conf->{$opt} eq 'socket') && $param->{$opt} eq 'socket') {
1209 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1210 } elsif ($authuser ne 'root@pam') {
1211 die "only root can modify '$opt' config for real devices\n";
1212 }
1213 $conf->{pending}->{$opt} = $param->{$opt};
1214 } elsif ($opt =~ m/^usb\d+/) {
1215 if ((!defined($conf->{$opt}) || $conf->{$opt} =~ m/spice/) && $param->{$opt} =~ m/spice/) {
1216 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1217 } elsif ($authuser ne 'root@pam') {
1218 die "only root can modify '$opt' config for real devices\n";
1219 }
1220 $conf->{pending}->{$opt} = $param->{$opt};
1221 } else {
1222 $conf->{pending}->{$opt} = $param->{$opt};
1223 }
1224 PVE::QemuConfig->remove_from_pending_delete($conf, $opt);
1225 PVE::QemuConfig->write_config($vmid, $conf);
1226 }
1227
1228 # remove pending changes when nothing changed
1229 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1230 my $changes = PVE::QemuConfig->cleanup_pending($conf);
1231 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
1232
1233 return if !scalar(keys %{$conf->{pending}});
1234
1235 my $running = PVE::QemuServer::check_running($vmid);
1236
1237 # apply pending changes
1238
1239 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1240
1241 my $errors = {};
1242 if ($running) {
1243 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1244 } else {
1245 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running, $errors);
1246 }
1247 raise_param_exc($errors) if scalar(keys %$errors);
1248
1249 return;
1250 };
1251
1252 if ($sync) {
1253 &$worker();
1254 return undef;
1255 } else {
1256 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1257
1258 if ($background_delay) {
1259
1260 # Note: It would be better to do that in the Event based HTTPServer
1261 # to avoid blocking call to sleep.
1262
1263 my $end_time = time() + $background_delay;
1264
1265 my $task = PVE::Tools::upid_decode($upid);
1266
1267 my $running = 1;
1268 while (time() < $end_time) {
1269 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1270 last if !$running;
1271 sleep(1); # this gets interrupted when child process ends
1272 }
1273
1274 if (!$running) {
1275 my $status = PVE::Tools::upid_read_status($upid);
1276 return undef if $status eq 'OK';
1277 die $status;
1278 }
1279 }
1280
1281 return $upid;
1282 }
1283 };
1284
1285 return PVE::QemuConfig->lock_config($vmid, $updatefn);
1286 };
1287
1288 my $vm_config_perm_list = [
1289 'VM.Config.Disk',
1290 'VM.Config.CDROM',
1291 'VM.Config.CPU',
1292 'VM.Config.Memory',
1293 'VM.Config.Network',
1294 'VM.Config.HWType',
1295 'VM.Config.Options',
1296 ];
1297
1298 __PACKAGE__->register_method({
1299 name => 'update_vm_async',
1300 path => '{vmid}/config',
1301 method => 'POST',
1302 protected => 1,
1303 proxyto => 'node',
1304 description => "Set virtual machine options (asynchrounous API).",
1305 permissions => {
1306 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1307 },
1308 parameters => {
1309 additionalProperties => 0,
1310 properties => PVE::QemuServer::json_config_properties(
1311 {
1312 node => get_standard_option('pve-node'),
1313 vmid => get_standard_option('pve-vmid'),
1314 skiplock => get_standard_option('skiplock'),
1315 delete => {
1316 type => 'string', format => 'pve-configid-list',
1317 description => "A list of settings you want to delete.",
1318 optional => 1,
1319 },
1320 revert => {
1321 type => 'string', format => 'pve-configid-list',
1322 description => "Revert a pending change.",
1323 optional => 1,
1324 },
1325 force => {
1326 type => 'boolean',
1327 description => $opt_force_description,
1328 optional => 1,
1329 requires => 'delete',
1330 },
1331 digest => {
1332 type => 'string',
1333 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1334 maxLength => 40,
1335 optional => 1,
1336 },
1337 background_delay => {
1338 type => 'integer',
1339 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1340 minimum => 1,
1341 maximum => 30,
1342 optional => 1,
1343 },
1344 }),
1345 },
1346 returns => {
1347 type => 'string',
1348 optional => 1,
1349 },
1350 code => $update_vm_api,
1351 });
1352
1353 __PACKAGE__->register_method({
1354 name => 'update_vm',
1355 path => '{vmid}/config',
1356 method => 'PUT',
1357 protected => 1,
1358 proxyto => 'node',
1359 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1360 permissions => {
1361 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1362 },
1363 parameters => {
1364 additionalProperties => 0,
1365 properties => PVE::QemuServer::json_config_properties(
1366 {
1367 node => get_standard_option('pve-node'),
1368 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1369 skiplock => get_standard_option('skiplock'),
1370 delete => {
1371 type => 'string', format => 'pve-configid-list',
1372 description => "A list of settings you want to delete.",
1373 optional => 1,
1374 },
1375 revert => {
1376 type => 'string', format => 'pve-configid-list',
1377 description => "Revert a pending change.",
1378 optional => 1,
1379 },
1380 force => {
1381 type => 'boolean',
1382 description => $opt_force_description,
1383 optional => 1,
1384 requires => 'delete',
1385 },
1386 digest => {
1387 type => 'string',
1388 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1389 maxLength => 40,
1390 optional => 1,
1391 },
1392 }),
1393 },
1394 returns => { type => 'null' },
1395 code => sub {
1396 my ($param) = @_;
1397 &$update_vm_api($param, 1);
1398 return undef;
1399 }
1400 });
1401
1402 __PACKAGE__->register_method({
1403 name => 'destroy_vm',
1404 path => '{vmid}',
1405 method => 'DELETE',
1406 protected => 1,
1407 proxyto => 'node',
1408 description => "Destroy the vm (also delete all used/owned volumes).",
1409 permissions => {
1410 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1411 },
1412 parameters => {
1413 additionalProperties => 0,
1414 properties => {
1415 node => get_standard_option('pve-node'),
1416 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1417 skiplock => get_standard_option('skiplock'),
1418 purge => {
1419 type => 'boolean',
1420 description => "Remove vmid from backup cron jobs.",
1421 optional => 1,
1422 },
1423 },
1424 },
1425 returns => {
1426 type => 'string',
1427 },
1428 code => sub {
1429 my ($param) = @_;
1430
1431 my $rpcenv = PVE::RPCEnvironment::get();
1432 my $authuser = $rpcenv->get_user();
1433 my $vmid = $param->{vmid};
1434
1435 my $skiplock = $param->{skiplock};
1436 raise_param_exc({ skiplock => "Only root may use this option." })
1437 if $skiplock && $authuser ne 'root@pam';
1438
1439 # test if VM exists
1440 my $conf = PVE::QemuConfig->load_config($vmid);
1441 my $storecfg = PVE::Storage::config();
1442 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
1443 die "unable to remove VM $vmid - used in HA resources\n"
1444 if PVE::HA::Config::vm_is_ha_managed($vmid);
1445
1446 if (!$param->{purge}) {
1447 # don't allow destroy if with replication jobs but no purge param
1448 my $repl_conf = PVE::ReplicationConfig->new();
1449 $repl_conf->check_for_existing_jobs($vmid);
1450 }
1451
1452 # early tests (repeat after locking)
1453 die "VM $vmid is running - destroy failed\n"
1454 if PVE::QemuServer::check_running($vmid);
1455
1456 my $realcmd = sub {
1457 my $upid = shift;
1458
1459 syslog('info', "destroy VM $vmid: $upid\n");
1460 PVE::QemuConfig->lock_config($vmid, sub {
1461 die "VM $vmid is running - destroy failed\n"
1462 if (PVE::QemuServer::check_running($vmid));
1463
1464 PVE::QemuServer::destroy_vm($storecfg, $vmid, $skiplock, { lock => 'destroyed' });
1465
1466 PVE::AccessControl::remove_vm_access($vmid);
1467 PVE::Firewall::remove_vmfw_conf($vmid);
1468 if ($param->{purge}) {
1469 PVE::ReplicationConfig::remove_vmid_jobs($vmid);
1470 PVE::VZDump::Plugin::remove_vmid_from_backup_jobs($vmid);
1471 }
1472
1473 # only now remove the zombie config, else we can have reuse race
1474 PVE::QemuConfig->destroy_config($vmid);
1475 });
1476 };
1477
1478 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1479 }});
1480
1481 __PACKAGE__->register_method({
1482 name => 'unlink',
1483 path => '{vmid}/unlink',
1484 method => 'PUT',
1485 protected => 1,
1486 proxyto => 'node',
1487 description => "Unlink/delete disk images.",
1488 permissions => {
1489 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1490 },
1491 parameters => {
1492 additionalProperties => 0,
1493 properties => {
1494 node => get_standard_option('pve-node'),
1495 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1496 idlist => {
1497 type => 'string', format => 'pve-configid-list',
1498 description => "A list of disk IDs you want to delete.",
1499 },
1500 force => {
1501 type => 'boolean',
1502 description => $opt_force_description,
1503 optional => 1,
1504 },
1505 },
1506 },
1507 returns => { type => 'null'},
1508 code => sub {
1509 my ($param) = @_;
1510
1511 $param->{delete} = extract_param($param, 'idlist');
1512
1513 __PACKAGE__->update_vm($param);
1514
1515 return undef;
1516 }});
1517
1518 my $sslcert;
1519
1520 __PACKAGE__->register_method({
1521 name => 'vncproxy',
1522 path => '{vmid}/vncproxy',
1523 method => 'POST',
1524 protected => 1,
1525 permissions => {
1526 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1527 },
1528 description => "Creates a TCP VNC proxy connections.",
1529 parameters => {
1530 additionalProperties => 0,
1531 properties => {
1532 node => get_standard_option('pve-node'),
1533 vmid => get_standard_option('pve-vmid'),
1534 websocket => {
1535 optional => 1,
1536 type => 'boolean',
1537 description => "starts websockify instead of vncproxy",
1538 },
1539 },
1540 },
1541 returns => {
1542 additionalProperties => 0,
1543 properties => {
1544 user => { type => 'string' },
1545 ticket => { type => 'string' },
1546 cert => { type => 'string' },
1547 port => { type => 'integer' },
1548 upid => { type => 'string' },
1549 },
1550 },
1551 code => sub {
1552 my ($param) = @_;
1553
1554 my $rpcenv = PVE::RPCEnvironment::get();
1555
1556 my $authuser = $rpcenv->get_user();
1557
1558 my $vmid = $param->{vmid};
1559 my $node = $param->{node};
1560 my $websocket = $param->{websocket};
1561
1562 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1563 my $use_serial = ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/));
1564
1565 my $authpath = "/vms/$vmid";
1566
1567 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1568
1569 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1570 if !$sslcert;
1571
1572 my $family;
1573 my $remcmd = [];
1574
1575 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1576 (undef, $family) = PVE::Cluster::remote_node_ip($node);
1577 my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
1578 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1579 $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, $use_serial ? '-t' : '-T');
1580 } else {
1581 $family = PVE::Tools::get_host_address_family($node);
1582 }
1583
1584 my $port = PVE::Tools::next_vnc_port($family);
1585
1586 my $timeout = 10;
1587
1588 my $realcmd = sub {
1589 my $upid = shift;
1590
1591 syslog('info', "starting vnc proxy $upid\n");
1592
1593 my $cmd;
1594
1595 if ($use_serial) {
1596
1597 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga}, '-escape', '0' ];
1598
1599 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1600 '-timeout', $timeout, '-authpath', $authpath,
1601 '-perm', 'Sys.Console'];
1602
1603 if ($param->{websocket}) {
1604 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
1605 push @$cmd, '-notls', '-listen', 'localhost';
1606 }
1607
1608 push @$cmd, '-c', @$remcmd, @$termcmd;
1609
1610 PVE::Tools::run_command($cmd);
1611
1612 } else {
1613
1614 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1615
1616 $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1617
1618 my $sock = IO::Socket::IP->new(
1619 ReuseAddr => 1,
1620 Listen => 1,
1621 LocalPort => $port,
1622 Proto => 'tcp',
1623 GetAddrInfoFlags => 0,
1624 ) or die "failed to create socket: $!\n";
1625 # Inside the worker we shouldn't have any previous alarms
1626 # running anyway...:
1627 alarm(0);
1628 local $SIG{ALRM} = sub { die "connection timed out\n" };
1629 alarm $timeout;
1630 accept(my $cli, $sock) or die "connection failed: $!\n";
1631 alarm(0);
1632 close($sock);
1633 if (PVE::Tools::run_command($cmd,
1634 output => '>&'.fileno($cli),
1635 input => '<&'.fileno($cli),
1636 noerr => 1) != 0)
1637 {
1638 die "Failed to run vncproxy.\n";
1639 }
1640 }
1641
1642 return;
1643 };
1644
1645 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
1646
1647 PVE::Tools::wait_for_vnc_port($port);
1648
1649 return {
1650 user => $authuser,
1651 ticket => $ticket,
1652 port => $port,
1653 upid => $upid,
1654 cert => $sslcert,
1655 };
1656 }});
1657
1658 __PACKAGE__->register_method({
1659 name => 'termproxy',
1660 path => '{vmid}/termproxy',
1661 method => 'POST',
1662 protected => 1,
1663 permissions => {
1664 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1665 },
1666 description => "Creates a TCP proxy connections.",
1667 parameters => {
1668 additionalProperties => 0,
1669 properties => {
1670 node => get_standard_option('pve-node'),
1671 vmid => get_standard_option('pve-vmid'),
1672 serial=> {
1673 optional => 1,
1674 type => 'string',
1675 enum => [qw(serial0 serial1 serial2 serial3)],
1676 description => "opens a serial terminal (defaults to display)",
1677 },
1678 },
1679 },
1680 returns => {
1681 additionalProperties => 0,
1682 properties => {
1683 user => { type => 'string' },
1684 ticket => { type => 'string' },
1685 port => { type => 'integer' },
1686 upid => { type => 'string' },
1687 },
1688 },
1689 code => sub {
1690 my ($param) = @_;
1691
1692 my $rpcenv = PVE::RPCEnvironment::get();
1693
1694 my $authuser = $rpcenv->get_user();
1695
1696 my $vmid = $param->{vmid};
1697 my $node = $param->{node};
1698 my $serial = $param->{serial};
1699
1700 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1701
1702 if (!defined($serial)) {
1703 if ($conf->{vga} && $conf->{vga} =~ m/^serial\d+$/) {
1704 $serial = $conf->{vga};
1705 }
1706 }
1707
1708 my $authpath = "/vms/$vmid";
1709
1710 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1711
1712 my $family;
1713 my $remcmd = [];
1714
1715 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1716 (undef, $family) = PVE::Cluster::remote_node_ip($node);
1717 my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
1718 $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
1719 push @$remcmd, '--';
1720 } else {
1721 $family = PVE::Tools::get_host_address_family($node);
1722 }
1723
1724 my $port = PVE::Tools::next_vnc_port($family);
1725
1726 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-escape', '0'];
1727 push @$termcmd, '-iface', $serial if $serial;
1728
1729 my $realcmd = sub {
1730 my $upid = shift;
1731
1732 syslog('info', "starting qemu termproxy $upid\n");
1733
1734 my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
1735 '--perm', 'VM.Console', '--'];
1736 push @$cmd, @$remcmd, @$termcmd;
1737
1738 PVE::Tools::run_command($cmd);
1739 };
1740
1741 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
1742
1743 PVE::Tools::wait_for_vnc_port($port);
1744
1745 return {
1746 user => $authuser,
1747 ticket => $ticket,
1748 port => $port,
1749 upid => $upid,
1750 };
1751 }});
1752
1753 __PACKAGE__->register_method({
1754 name => 'vncwebsocket',
1755 path => '{vmid}/vncwebsocket',
1756 method => 'GET',
1757 permissions => {
1758 description => "You also need to pass a valid ticket (vncticket).",
1759 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1760 },
1761 description => "Opens a weksocket for VNC traffic.",
1762 parameters => {
1763 additionalProperties => 0,
1764 properties => {
1765 node => get_standard_option('pve-node'),
1766 vmid => get_standard_option('pve-vmid'),
1767 vncticket => {
1768 description => "Ticket from previous call to vncproxy.",
1769 type => 'string',
1770 maxLength => 512,
1771 },
1772 port => {
1773 description => "Port number returned by previous vncproxy call.",
1774 type => 'integer',
1775 minimum => 5900,
1776 maximum => 5999,
1777 },
1778 },
1779 },
1780 returns => {
1781 type => "object",
1782 properties => {
1783 port => { type => 'string' },
1784 },
1785 },
1786 code => sub {
1787 my ($param) = @_;
1788
1789 my $rpcenv = PVE::RPCEnvironment::get();
1790
1791 my $authuser = $rpcenv->get_user();
1792
1793 my $vmid = $param->{vmid};
1794 my $node = $param->{node};
1795
1796 my $authpath = "/vms/$vmid";
1797
1798 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1799
1800 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
1801
1802 # Note: VNC ports are acessible from outside, so we do not gain any
1803 # security if we verify that $param->{port} belongs to VM $vmid. This
1804 # check is done by verifying the VNC ticket (inside VNC protocol).
1805
1806 my $port = $param->{port};
1807
1808 return { port => $port };
1809 }});
1810
1811 __PACKAGE__->register_method({
1812 name => 'spiceproxy',
1813 path => '{vmid}/spiceproxy',
1814 method => 'POST',
1815 protected => 1,
1816 proxyto => 'node',
1817 permissions => {
1818 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1819 },
1820 description => "Returns a SPICE configuration to connect to the VM.",
1821 parameters => {
1822 additionalProperties => 0,
1823 properties => {
1824 node => get_standard_option('pve-node'),
1825 vmid => get_standard_option('pve-vmid'),
1826 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1827 },
1828 },
1829 returns => get_standard_option('remote-viewer-config'),
1830 code => sub {
1831 my ($param) = @_;
1832
1833 my $rpcenv = PVE::RPCEnvironment::get();
1834
1835 my $authuser = $rpcenv->get_user();
1836
1837 my $vmid = $param->{vmid};
1838 my $node = $param->{node};
1839 my $proxy = $param->{proxy};
1840
1841 my $conf = PVE::QemuConfig->load_config($vmid, $node);
1842 my $title = "VM $vmid";
1843 $title .= " - ". $conf->{name} if $conf->{name};
1844
1845 my $port = PVE::QemuServer::spice_port($vmid);
1846
1847 my ($ticket, undef, $remote_viewer_config) =
1848 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1849
1850 mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1851 mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1852
1853 return $remote_viewer_config;
1854 }});
1855
1856 __PACKAGE__->register_method({
1857 name => 'vmcmdidx',
1858 path => '{vmid}/status',
1859 method => 'GET',
1860 proxyto => 'node',
1861 description => "Directory index",
1862 permissions => {
1863 user => 'all',
1864 },
1865 parameters => {
1866 additionalProperties => 0,
1867 properties => {
1868 node => get_standard_option('pve-node'),
1869 vmid => get_standard_option('pve-vmid'),
1870 },
1871 },
1872 returns => {
1873 type => 'array',
1874 items => {
1875 type => "object",
1876 properties => {
1877 subdir => { type => 'string' },
1878 },
1879 },
1880 links => [ { rel => 'child', href => "{subdir}" } ],
1881 },
1882 code => sub {
1883 my ($param) = @_;
1884
1885 # test if VM exists
1886 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1887
1888 my $res = [
1889 { subdir => 'current' },
1890 { subdir => 'start' },
1891 { subdir => 'stop' },
1892 { subdir => 'reset' },
1893 { subdir => 'shutdown' },
1894 { subdir => 'suspend' },
1895 { subdir => 'reboot' },
1896 ];
1897
1898 return $res;
1899 }});
1900
1901 __PACKAGE__->register_method({
1902 name => 'vm_status',
1903 path => '{vmid}/status/current',
1904 method => 'GET',
1905 proxyto => 'node',
1906 protected => 1, # qemu pid files are only readable by root
1907 description => "Get virtual machine status.",
1908 permissions => {
1909 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1910 },
1911 parameters => {
1912 additionalProperties => 0,
1913 properties => {
1914 node => get_standard_option('pve-node'),
1915 vmid => get_standard_option('pve-vmid'),
1916 },
1917 },
1918 returns => {
1919 type => 'object',
1920 properties => {
1921 %$PVE::QemuServer::vmstatus_return_properties,
1922 ha => {
1923 description => "HA manager service status.",
1924 type => 'object',
1925 },
1926 spice => {
1927 description => "Qemu VGA configuration supports spice.",
1928 type => 'boolean',
1929 optional => 1,
1930 },
1931 agent => {
1932 description => "Qemu GuestAgent enabled in config.",
1933 type => 'boolean',
1934 optional => 1,
1935 },
1936 },
1937 },
1938 code => sub {
1939 my ($param) = @_;
1940
1941 # test if VM exists
1942 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1943
1944 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1945 my $status = $vmstatus->{$param->{vmid}};
1946
1947 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
1948
1949 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1950 $status->{agent} = 1 if (PVE::QemuServer::parse_guest_agent($conf)->{enabled});
1951
1952 return $status;
1953 }});
1954
1955 __PACKAGE__->register_method({
1956 name => 'vm_start',
1957 path => '{vmid}/status/start',
1958 method => 'POST',
1959 protected => 1,
1960 proxyto => 'node',
1961 description => "Start virtual machine.",
1962 permissions => {
1963 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1964 },
1965 parameters => {
1966 additionalProperties => 0,
1967 properties => {
1968 node => get_standard_option('pve-node'),
1969 vmid => get_standard_option('pve-vmid',
1970 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1971 skiplock => get_standard_option('skiplock'),
1972 stateuri => get_standard_option('pve-qm-stateuri'),
1973 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1974 migration_type => {
1975 type => 'string',
1976 enum => ['secure', 'insecure'],
1977 description => "Migration traffic is encrypted using an SSH " .
1978 "tunnel by default. On secure, completely private networks " .
1979 "this can be disabled to increase performance.",
1980 optional => 1,
1981 },
1982 migration_network => {
1983 type => 'string', format => 'CIDR',
1984 description => "CIDR of the (sub) network that is used for migration.",
1985 optional => 1,
1986 },
1987 machine => get_standard_option('pve-qemu-machine'),
1988 targetstorage => {
1989 description => "Target storage for the migration. (Can be '1' to use the same storage id as on the source node.)",
1990 type => 'string',
1991 optional => 1
1992 },
1993 timeout => {
1994 description => "Wait maximal timeout seconds.",
1995 type => 'integer',
1996 minimum => 0,
1997 optional => 1,
1998 },
1999 },
2000 },
2001 returns => {
2002 type => 'string',
2003 },
2004 code => sub {
2005 my ($param) = @_;
2006
2007 my $rpcenv = PVE::RPCEnvironment::get();
2008 my $authuser = $rpcenv->get_user();
2009
2010 my $node = extract_param($param, 'node');
2011 my $vmid = extract_param($param, 'vmid');
2012 my $timeout = extract_param($param, 'timeout');
2013
2014 my $machine = extract_param($param, 'machine');
2015
2016 my $get_root_param = sub {
2017 my $value = extract_param($param, $_[0]);
2018 raise_param_exc({ "$_[0]" => "Only root may use this option." })
2019 if $value && $authuser ne 'root@pam';
2020 return $value;
2021 };
2022
2023 my $stateuri = $get_root_param->('stateuri');
2024 my $skiplock = $get_root_param->('skiplock');
2025 my $migratedfrom = $get_root_param->('migratedfrom');
2026 my $migration_type = $get_root_param->('migration_type');
2027 my $migration_network = $get_root_param->('migration_network');
2028 my $targetstorage = $get_root_param->('targetstorage');
2029
2030 raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." })
2031 if $targetstorage && !$migratedfrom;
2032
2033 # read spice ticket from STDIN
2034 my $spice_ticket;
2035 if ($stateuri && ($stateuri eq 'tcp' || $stateuri eq 'unix') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
2036 if (defined(my $line = <STDIN>)) {
2037 chomp $line;
2038 $spice_ticket = $line;
2039 }
2040 }
2041
2042 PVE::Cluster::check_cfs_quorum();
2043
2044 my $storecfg = PVE::Storage::config();
2045
2046 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri && $rpcenv->{type} ne 'ha') {
2047 my $hacmd = sub {
2048 my $upid = shift;
2049
2050 print "Requesting HA start for VM $vmid\n";
2051
2052 my $cmd = ['ha-manager', 'set', "vm:$vmid", '--state', 'started'];
2053 PVE::Tools::run_command($cmd);
2054 return;
2055 };
2056
2057 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
2058
2059 } else {
2060
2061 my $realcmd = sub {
2062 my $upid = shift;
2063
2064 syslog('info', "start VM $vmid: $upid\n");
2065
2066 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, $machine,
2067 $spice_ticket, $migration_network, $migration_type, $targetstorage, $timeout);
2068 return;
2069 };
2070
2071 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
2072 }
2073 }});
2074
2075 __PACKAGE__->register_method({
2076 name => 'vm_stop',
2077 path => '{vmid}/status/stop',
2078 method => 'POST',
2079 protected => 1,
2080 proxyto => 'node',
2081 description => "Stop virtual machine. The qemu process will exit immediately. This" .
2082 "is akin to pulling the power plug of a running computer and may damage the VM data",
2083 permissions => {
2084 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2085 },
2086 parameters => {
2087 additionalProperties => 0,
2088 properties => {
2089 node => get_standard_option('pve-node'),
2090 vmid => get_standard_option('pve-vmid',
2091 { completion => \&PVE::QemuServer::complete_vmid_running }),
2092 skiplock => get_standard_option('skiplock'),
2093 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
2094 timeout => {
2095 description => "Wait maximal timeout seconds.",
2096 type => 'integer',
2097 minimum => 0,
2098 optional => 1,
2099 },
2100 keepActive => {
2101 description => "Do not deactivate storage volumes.",
2102 type => 'boolean',
2103 optional => 1,
2104 default => 0,
2105 }
2106 },
2107 },
2108 returns => {
2109 type => 'string',
2110 },
2111 code => sub {
2112 my ($param) = @_;
2113
2114 my $rpcenv = PVE::RPCEnvironment::get();
2115 my $authuser = $rpcenv->get_user();
2116
2117 my $node = extract_param($param, 'node');
2118 my $vmid = extract_param($param, 'vmid');
2119
2120 my $skiplock = extract_param($param, 'skiplock');
2121 raise_param_exc({ skiplock => "Only root may use this option." })
2122 if $skiplock && $authuser ne 'root@pam';
2123
2124 my $keepActive = extract_param($param, 'keepActive');
2125 raise_param_exc({ keepActive => "Only root may use this option." })
2126 if $keepActive && $authuser ne 'root@pam';
2127
2128 my $migratedfrom = extract_param($param, 'migratedfrom');
2129 raise_param_exc({ migratedfrom => "Only root may use this option." })
2130 if $migratedfrom && $authuser ne 'root@pam';
2131
2132
2133 my $storecfg = PVE::Storage::config();
2134
2135 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
2136
2137 my $hacmd = sub {
2138 my $upid = shift;
2139
2140 print "Requesting HA stop for VM $vmid\n";
2141
2142 my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", '0'];
2143 PVE::Tools::run_command($cmd);
2144 return;
2145 };
2146
2147 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
2148
2149 } else {
2150 my $realcmd = sub {
2151 my $upid = shift;
2152
2153 syslog('info', "stop VM $vmid: $upid\n");
2154
2155 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
2156 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
2157 return;
2158 };
2159
2160 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
2161 }
2162 }});
2163
2164 __PACKAGE__->register_method({
2165 name => 'vm_reset',
2166 path => '{vmid}/status/reset',
2167 method => 'POST',
2168 protected => 1,
2169 proxyto => 'node',
2170 description => "Reset virtual machine.",
2171 permissions => {
2172 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2173 },
2174 parameters => {
2175 additionalProperties => 0,
2176 properties => {
2177 node => get_standard_option('pve-node'),
2178 vmid => get_standard_option('pve-vmid',
2179 { completion => \&PVE::QemuServer::complete_vmid_running }),
2180 skiplock => get_standard_option('skiplock'),
2181 },
2182 },
2183 returns => {
2184 type => 'string',
2185 },
2186 code => sub {
2187 my ($param) = @_;
2188
2189 my $rpcenv = PVE::RPCEnvironment::get();
2190
2191 my $authuser = $rpcenv->get_user();
2192
2193 my $node = extract_param($param, 'node');
2194
2195 my $vmid = extract_param($param, 'vmid');
2196
2197 my $skiplock = extract_param($param, 'skiplock');
2198 raise_param_exc({ skiplock => "Only root may use this option." })
2199 if $skiplock && $authuser ne 'root@pam';
2200
2201 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2202
2203 my $realcmd = sub {
2204 my $upid = shift;
2205
2206 PVE::QemuServer::vm_reset($vmid, $skiplock);
2207
2208 return;
2209 };
2210
2211 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
2212 }});
2213
2214 __PACKAGE__->register_method({
2215 name => 'vm_shutdown',
2216 path => '{vmid}/status/shutdown',
2217 method => 'POST',
2218 protected => 1,
2219 proxyto => 'node',
2220 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
2221 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
2222 permissions => {
2223 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2224 },
2225 parameters => {
2226 additionalProperties => 0,
2227 properties => {
2228 node => get_standard_option('pve-node'),
2229 vmid => get_standard_option('pve-vmid',
2230 { completion => \&PVE::QemuServer::complete_vmid_running }),
2231 skiplock => get_standard_option('skiplock'),
2232 timeout => {
2233 description => "Wait maximal timeout seconds.",
2234 type => 'integer',
2235 minimum => 0,
2236 optional => 1,
2237 },
2238 forceStop => {
2239 description => "Make sure the VM stops.",
2240 type => 'boolean',
2241 optional => 1,
2242 default => 0,
2243 },
2244 keepActive => {
2245 description => "Do not deactivate storage volumes.",
2246 type => 'boolean',
2247 optional => 1,
2248 default => 0,
2249 }
2250 },
2251 },
2252 returns => {
2253 type => 'string',
2254 },
2255 code => sub {
2256 my ($param) = @_;
2257
2258 my $rpcenv = PVE::RPCEnvironment::get();
2259 my $authuser = $rpcenv->get_user();
2260
2261 my $node = extract_param($param, 'node');
2262 my $vmid = extract_param($param, 'vmid');
2263
2264 my $skiplock = extract_param($param, 'skiplock');
2265 raise_param_exc({ skiplock => "Only root may use this option." })
2266 if $skiplock && $authuser ne 'root@pam';
2267
2268 my $keepActive = extract_param($param, 'keepActive');
2269 raise_param_exc({ keepActive => "Only root may use this option." })
2270 if $keepActive && $authuser ne 'root@pam';
2271
2272 my $storecfg = PVE::Storage::config();
2273
2274 my $shutdown = 1;
2275
2276 # if vm is paused, do not shutdown (but stop if forceStop = 1)
2277 # otherwise, we will infer a shutdown command, but run into the timeout,
2278 # then when the vm is resumed, it will instantly shutdown
2279 #
2280 # checking the qmp status here to get feedback to the gui/cli/api
2281 # and the status query should not take too long
2282 my $qmpstatus = eval {
2283 PVE::QemuConfig::assert_config_exists_on_node($vmid);
2284 mon_cmd($vmid, "query-status");
2285 };
2286 my $err = $@ if $@;
2287
2288 if (!$err && $qmpstatus->{status} eq "paused") {
2289 if ($param->{forceStop}) {
2290 warn "VM is paused - stop instead of shutdown\n";
2291 $shutdown = 0;
2292 } else {
2293 die "VM is paused - cannot shutdown\n";
2294 }
2295 }
2296
2297 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2298
2299 my $timeout = $param->{timeout} // 60;
2300 my $hacmd = sub {
2301 my $upid = shift;
2302
2303 print "Requesting HA stop for VM $vmid\n";
2304
2305 my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", "$timeout"];
2306 PVE::Tools::run_command($cmd);
2307 return;
2308 };
2309
2310 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
2311
2312 } else {
2313
2314 my $realcmd = sub {
2315 my $upid = shift;
2316
2317 syslog('info', "shutdown VM $vmid: $upid\n");
2318
2319 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
2320 $shutdown, $param->{forceStop}, $keepActive);
2321 return;
2322 };
2323
2324 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
2325 }
2326 }});
2327
2328 __PACKAGE__->register_method({
2329 name => 'vm_reboot',
2330 path => '{vmid}/status/reboot',
2331 method => 'POST',
2332 protected => 1,
2333 proxyto => 'node',
2334 description => "Reboot the VM by shutting it down, and starting it again. Applies pending changes.",
2335 permissions => {
2336 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2337 },
2338 parameters => {
2339 additionalProperties => 0,
2340 properties => {
2341 node => get_standard_option('pve-node'),
2342 vmid => get_standard_option('pve-vmid',
2343 { completion => \&PVE::QemuServer::complete_vmid_running }),
2344 timeout => {
2345 description => "Wait maximal timeout seconds for the shutdown.",
2346 type => 'integer',
2347 minimum => 0,
2348 optional => 1,
2349 },
2350 },
2351 },
2352 returns => {
2353 type => 'string',
2354 },
2355 code => sub {
2356 my ($param) = @_;
2357
2358 my $rpcenv = PVE::RPCEnvironment::get();
2359 my $authuser = $rpcenv->get_user();
2360
2361 my $node = extract_param($param, 'node');
2362 my $vmid = extract_param($param, 'vmid');
2363
2364 my $qmpstatus = eval {
2365 PVE::QemuConfig::assert_config_exists_on_node($vmid);
2366 mon_cmd($vmid, "query-status");
2367 };
2368 my $err = $@ if $@;
2369
2370 if (!$err && $qmpstatus->{status} eq "paused") {
2371 die "VM is paused - cannot shutdown\n";
2372 }
2373
2374 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2375
2376 my $realcmd = sub {
2377 my $upid = shift;
2378
2379 syslog('info', "requesting reboot of VM $vmid: $upid\n");
2380 PVE::QemuServer::vm_reboot($vmid, $param->{timeout});
2381 return;
2382 };
2383
2384 return $rpcenv->fork_worker('qmreboot', $vmid, $authuser, $realcmd);
2385 }});
2386
2387 __PACKAGE__->register_method({
2388 name => 'vm_suspend',
2389 path => '{vmid}/status/suspend',
2390 method => 'POST',
2391 protected => 1,
2392 proxyto => 'node',
2393 description => "Suspend virtual machine.",
2394 permissions => {
2395 description => "You need 'VM.PowerMgmt' on /vms/{vmid}, and if you have set 'todisk',".
2396 " you need also 'VM.Config.Disk' on /vms/{vmid} and 'Datastore.AllocateSpace'".
2397 " on the storage for the vmstate.",
2398 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2399 },
2400 parameters => {
2401 additionalProperties => 0,
2402 properties => {
2403 node => get_standard_option('pve-node'),
2404 vmid => get_standard_option('pve-vmid',
2405 { completion => \&PVE::QemuServer::complete_vmid_running }),
2406 skiplock => get_standard_option('skiplock'),
2407 todisk => {
2408 type => 'boolean',
2409 default => 0,
2410 optional => 1,
2411 description => 'If set, suspends the VM to disk. Will be resumed on next VM start.',
2412 },
2413 statestorage => get_standard_option('pve-storage-id', {
2414 description => "The storage for the VM state",
2415 requires => 'todisk',
2416 optional => 1,
2417 completion => \&PVE::Storage::complete_storage_enabled,
2418 }),
2419 },
2420 },
2421 returns => {
2422 type => 'string',
2423 },
2424 code => sub {
2425 my ($param) = @_;
2426
2427 my $rpcenv = PVE::RPCEnvironment::get();
2428 my $authuser = $rpcenv->get_user();
2429
2430 my $node = extract_param($param, 'node');
2431 my $vmid = extract_param($param, 'vmid');
2432
2433 my $todisk = extract_param($param, 'todisk') // 0;
2434
2435 my $statestorage = extract_param($param, 'statestorage');
2436
2437 my $skiplock = extract_param($param, 'skiplock');
2438 raise_param_exc({ skiplock => "Only root may use this option." })
2439 if $skiplock && $authuser ne 'root@pam';
2440
2441 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2442
2443 die "Cannot suspend HA managed VM to disk\n"
2444 if $todisk && PVE::HA::Config::vm_is_ha_managed($vmid);
2445
2446 # early check for storage permission, for better user feedback
2447 if ($todisk) {
2448 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
2449
2450 if (!$statestorage) {
2451 # get statestorage from config if none is given
2452 my $conf = PVE::QemuConfig->load_config($vmid);
2453 my $storecfg = PVE::Storage::config();
2454 $statestorage = PVE::QemuServer::find_vmstate_storage($conf, $storecfg);
2455 }
2456
2457 $rpcenv->check($authuser, "/storage/$statestorage", ['Datastore.AllocateSpace']);
2458 }
2459
2460 my $realcmd = sub {
2461 my $upid = shift;
2462
2463 syslog('info', "suspend VM $vmid: $upid\n");
2464
2465 PVE::QemuServer::vm_suspend($vmid, $skiplock, $todisk, $statestorage);
2466
2467 return;
2468 };
2469
2470 my $taskname = $todisk ? 'qmsuspend' : 'qmpause';
2471 return $rpcenv->fork_worker($taskname, $vmid, $authuser, $realcmd);
2472 }});
2473
2474 __PACKAGE__->register_method({
2475 name => 'vm_resume',
2476 path => '{vmid}/status/resume',
2477 method => 'POST',
2478 protected => 1,
2479 proxyto => 'node',
2480 description => "Resume virtual machine.",
2481 permissions => {
2482 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2483 },
2484 parameters => {
2485 additionalProperties => 0,
2486 properties => {
2487 node => get_standard_option('pve-node'),
2488 vmid => get_standard_option('pve-vmid',
2489 { completion => \&PVE::QemuServer::complete_vmid_running }),
2490 skiplock => get_standard_option('skiplock'),
2491 nocheck => { type => 'boolean', optional => 1 },
2492
2493 },
2494 },
2495 returns => {
2496 type => 'string',
2497 },
2498 code => sub {
2499 my ($param) = @_;
2500
2501 my $rpcenv = PVE::RPCEnvironment::get();
2502
2503 my $authuser = $rpcenv->get_user();
2504
2505 my $node = extract_param($param, 'node');
2506
2507 my $vmid = extract_param($param, 'vmid');
2508
2509 my $skiplock = extract_param($param, 'skiplock');
2510 raise_param_exc({ skiplock => "Only root may use this option." })
2511 if $skiplock && $authuser ne 'root@pam';
2512
2513 my $nocheck = extract_param($param, 'nocheck');
2514
2515 my $to_disk_suspended;
2516 eval {
2517 PVE::QemuConfig->lock_config($vmid, sub {
2518 my $conf = PVE::QemuConfig->load_config($vmid);
2519 $to_disk_suspended = PVE::QemuConfig->has_lock($conf, 'suspended');
2520 });
2521 };
2522
2523 die "VM $vmid not running\n"
2524 if !$to_disk_suspended && !PVE::QemuServer::check_running($vmid, $nocheck);
2525
2526 my $realcmd = sub {
2527 my $upid = shift;
2528
2529 syslog('info', "resume VM $vmid: $upid\n");
2530
2531 if (!$to_disk_suspended) {
2532 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
2533 } else {
2534 my $storecfg = PVE::Storage::config();
2535 PVE::QemuServer::vm_start($storecfg, $vmid, undef, $skiplock);
2536 }
2537
2538 return;
2539 };
2540
2541 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2542 }});
2543
2544 __PACKAGE__->register_method({
2545 name => 'vm_sendkey',
2546 path => '{vmid}/sendkey',
2547 method => 'PUT',
2548 protected => 1,
2549 proxyto => 'node',
2550 description => "Send key event to virtual machine.",
2551 permissions => {
2552 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2553 },
2554 parameters => {
2555 additionalProperties => 0,
2556 properties => {
2557 node => get_standard_option('pve-node'),
2558 vmid => get_standard_option('pve-vmid',
2559 { completion => \&PVE::QemuServer::complete_vmid_running }),
2560 skiplock => get_standard_option('skiplock'),
2561 key => {
2562 description => "The key (qemu monitor encoding).",
2563 type => 'string'
2564 }
2565 },
2566 },
2567 returns => { type => 'null'},
2568 code => sub {
2569 my ($param) = @_;
2570
2571 my $rpcenv = PVE::RPCEnvironment::get();
2572
2573 my $authuser = $rpcenv->get_user();
2574
2575 my $node = extract_param($param, 'node');
2576
2577 my $vmid = extract_param($param, 'vmid');
2578
2579 my $skiplock = extract_param($param, 'skiplock');
2580 raise_param_exc({ skiplock => "Only root may use this option." })
2581 if $skiplock && $authuser ne 'root@pam';
2582
2583 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2584
2585 return;
2586 }});
2587
2588 __PACKAGE__->register_method({
2589 name => 'vm_feature',
2590 path => '{vmid}/feature',
2591 method => 'GET',
2592 proxyto => 'node',
2593 protected => 1,
2594 description => "Check if feature for virtual machine is available.",
2595 permissions => {
2596 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2597 },
2598 parameters => {
2599 additionalProperties => 0,
2600 properties => {
2601 node => get_standard_option('pve-node'),
2602 vmid => get_standard_option('pve-vmid'),
2603 feature => {
2604 description => "Feature to check.",
2605 type => 'string',
2606 enum => [ 'snapshot', 'clone', 'copy' ],
2607 },
2608 snapname => get_standard_option('pve-snapshot-name', {
2609 optional => 1,
2610 }),
2611 },
2612 },
2613 returns => {
2614 type => "object",
2615 properties => {
2616 hasFeature => { type => 'boolean' },
2617 nodes => {
2618 type => 'array',
2619 items => { type => 'string' },
2620 }
2621 },
2622 },
2623 code => sub {
2624 my ($param) = @_;
2625
2626 my $node = extract_param($param, 'node');
2627
2628 my $vmid = extract_param($param, 'vmid');
2629
2630 my $snapname = extract_param($param, 'snapname');
2631
2632 my $feature = extract_param($param, 'feature');
2633
2634 my $running = PVE::QemuServer::check_running($vmid);
2635
2636 my $conf = PVE::QemuConfig->load_config($vmid);
2637
2638 if($snapname){
2639 my $snap = $conf->{snapshots}->{$snapname};
2640 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2641 $conf = $snap;
2642 }
2643 my $storecfg = PVE::Storage::config();
2644
2645 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2646 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
2647
2648 return {
2649 hasFeature => $hasFeature,
2650 nodes => [ keys %$nodelist ],
2651 };
2652 }});
2653
2654 __PACKAGE__->register_method({
2655 name => 'clone_vm',
2656 path => '{vmid}/clone',
2657 method => 'POST',
2658 protected => 1,
2659 proxyto => 'node',
2660 description => "Create a copy of virtual machine/template.",
2661 permissions => {
2662 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2663 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2664 "'Datastore.AllocateSpace' on any used storage.",
2665 check =>
2666 [ 'and',
2667 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2668 [ 'or',
2669 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2670 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2671 ],
2672 ]
2673 },
2674 parameters => {
2675 additionalProperties => 0,
2676 properties => {
2677 node => get_standard_option('pve-node'),
2678 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2679 newid => get_standard_option('pve-vmid', {
2680 completion => \&PVE::Cluster::complete_next_vmid,
2681 description => 'VMID for the clone.' }),
2682 name => {
2683 optional => 1,
2684 type => 'string', format => 'dns-name',
2685 description => "Set a name for the new VM.",
2686 },
2687 description => {
2688 optional => 1,
2689 type => 'string',
2690 description => "Description for the new VM.",
2691 },
2692 pool => {
2693 optional => 1,
2694 type => 'string', format => 'pve-poolid',
2695 description => "Add the new VM to the specified pool.",
2696 },
2697 snapname => get_standard_option('pve-snapshot-name', {
2698 optional => 1,
2699 }),
2700 storage => get_standard_option('pve-storage-id', {
2701 description => "Target storage for full clone.",
2702 optional => 1,
2703 }),
2704 'format' => {
2705 description => "Target format for file storage. Only valid for full clone.",
2706 type => 'string',
2707 optional => 1,
2708 enum => [ 'raw', 'qcow2', 'vmdk'],
2709 },
2710 full => {
2711 optional => 1,
2712 type => 'boolean',
2713 description => "Create a full copy of all disks. This is always done when " .
2714 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2715 },
2716 target => get_standard_option('pve-node', {
2717 description => "Target node. Only allowed if the original VM is on shared storage.",
2718 optional => 1,
2719 }),
2720 bwlimit => {
2721 description => "Override I/O bandwidth limit (in KiB/s).",
2722 optional => 1,
2723 type => 'integer',
2724 minimum => '0',
2725 default => 'clone limit from datacenter or storage config',
2726 },
2727 },
2728 },
2729 returns => {
2730 type => 'string',
2731 },
2732 code => sub {
2733 my ($param) = @_;
2734
2735 my $rpcenv = PVE::RPCEnvironment::get();
2736 my $authuser = $rpcenv->get_user();
2737
2738 my $node = extract_param($param, 'node');
2739 my $vmid = extract_param($param, 'vmid');
2740 my $newid = extract_param($param, 'newid');
2741 my $pool = extract_param($param, 'pool');
2742 $rpcenv->check_pool_exist($pool) if defined($pool);
2743
2744 my $snapname = extract_param($param, 'snapname');
2745 my $storage = extract_param($param, 'storage');
2746 my $format = extract_param($param, 'format');
2747 my $target = extract_param($param, 'target');
2748
2749 my $localnode = PVE::INotify::nodename();
2750
2751 if ($target && ($target eq $localnode || $target eq 'localhost')) {
2752 undef $target;
2753 } else {
2754 PVE::Cluster::check_node_exists($target);
2755 }
2756
2757 my $storecfg = PVE::Storage::config();
2758
2759 if ($storage) {
2760 # check if storage is enabled on local node
2761 PVE::Storage::storage_check_enabled($storecfg, $storage);
2762 if ($target) {
2763 # check if storage is available on target node
2764 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2765 # clone only works if target storage is shared
2766 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2767 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2768 }
2769 }
2770
2771 PVE::Cluster::check_cfs_quorum();
2772
2773 my $running = PVE::QemuServer::check_running($vmid) || 0;
2774
2775 # exclusive lock if VM is running - else shared lock is enough;
2776 my $shared_lock = $running ? 0 : 1;
2777
2778 my $clonefn = sub {
2779 # do all tests after lock but before forking worker - if possible
2780
2781 my $conf = PVE::QemuConfig->load_config($vmid);
2782 PVE::QemuConfig->check_lock($conf);
2783
2784 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2785 die "unexpected state change\n" if $verify_running != $running;
2786
2787 die "snapshot '$snapname' does not exist\n"
2788 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2789
2790 my $full = extract_param($param, 'full') // !PVE::QemuConfig->is_template($conf);
2791
2792 die "parameter 'storage' not allowed for linked clones\n"
2793 if defined($storage) && !$full;
2794
2795 die "parameter 'format' not allowed for linked clones\n"
2796 if defined($format) && !$full;
2797
2798 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2799
2800 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2801
2802 die "can't clone VM to node '$target' (VM uses local storage)\n"
2803 if $target && !$sharedvm;
2804
2805 my $conffile = PVE::QemuConfig->config_file($newid);
2806 die "unable to create VM $newid: config file already exists\n"
2807 if -f $conffile;
2808
2809 my $newconf = { lock => 'clone' };
2810 my $drives = {};
2811 my $fullclone = {};
2812 my $vollist = [];
2813
2814 foreach my $opt (keys %$oldconf) {
2815 my $value = $oldconf->{$opt};
2816
2817 # do not copy snapshot related info
2818 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2819 $opt eq 'vmstate' || $opt eq 'snapstate';
2820
2821 # no need to copy unused images, because VMID(owner) changes anyways
2822 next if $opt =~ m/^unused\d+$/;
2823
2824 # always change MAC! address
2825 if ($opt =~ m/^net(\d+)$/) {
2826 my $net = PVE::QemuServer::parse_net($value);
2827 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2828 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
2829 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2830 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
2831 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2832 die "unable to parse drive options for '$opt'\n" if !$drive;
2833 if (PVE::QemuServer::drive_is_cdrom($drive, 1)) {
2834 $newconf->{$opt} = $value; # simply copy configuration
2835 } else {
2836 if ($full || PVE::QemuServer::drive_is_cloudinit($drive)) {
2837 die "Full clone feature is not supported for drive '$opt'\n"
2838 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2839 $fullclone->{$opt} = 1;
2840 } else {
2841 # not full means clone instead of copy
2842 die "Linked clone feature is not supported for drive '$opt'\n"
2843 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2844 }
2845 $drives->{$opt} = $drive;
2846 push @$vollist, $drive->{file};
2847 }
2848 } else {
2849 # copy everything else
2850 $newconf->{$opt} = $value;
2851 }
2852 }
2853
2854 # auto generate a new uuid
2855 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2856 $smbios1->{uuid} = PVE::QemuServer::generate_uuid();
2857 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2858 # auto generate a new vmgenid only if the option was set for template
2859 if ($newconf->{vmgenid}) {
2860 $newconf->{vmgenid} = PVE::QemuServer::generate_uuid();
2861 }
2862
2863 delete $newconf->{template};
2864
2865 if ($param->{name}) {
2866 $newconf->{name} = $param->{name};
2867 } else {
2868 $newconf->{name} = "Copy-of-VM-" . ($oldconf->{name} // $vmid);
2869 }
2870
2871 if ($param->{description}) {
2872 $newconf->{description} = $param->{description};
2873 }
2874
2875 # create empty/temp config - this fails if VM already exists on other node
2876 # FIXME use PVE::QemuConfig->create_and_lock_config and adapt code
2877 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2878
2879 my $realcmd = sub {
2880 my $upid = shift;
2881
2882 my $newvollist = [];
2883 my $jobs = {};
2884
2885 eval {
2886 local $SIG{INT} =
2887 local $SIG{TERM} =
2888 local $SIG{QUIT} =
2889 local $SIG{HUP} = sub { die "interrupted by signal\n"; };
2890
2891 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2892
2893 my $bwlimit = extract_param($param, 'bwlimit');
2894
2895 my $total_jobs = scalar(keys %{$drives});
2896 my $i = 1;
2897
2898 foreach my $opt (keys %$drives) {
2899 my $drive = $drives->{$opt};
2900 my $skipcomplete = ($total_jobs != $i); # finish after last drive
2901
2902 my $src_sid = PVE::Storage::parse_volume_id($drive->{file});
2903 my $storage_list = [ $src_sid ];
2904 push @$storage_list, $storage if defined($storage);
2905 my $clonelimit = PVE::Storage::get_bandwidth_limit('clone', $storage_list, $bwlimit);
2906
2907 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2908 $newid, $storage, $format, $fullclone->{$opt}, $newvollist,
2909 $jobs, $skipcomplete, $oldconf->{agent}, $clonelimit);
2910
2911 $newconf->{$opt} = PVE::QemuServer::print_drive($newdrive);
2912
2913 PVE::QemuConfig->write_config($newid, $newconf);
2914 $i++;
2915 }
2916
2917 delete $newconf->{lock};
2918
2919 # do not write pending changes
2920 if (my @changes = keys %{$newconf->{pending}}) {
2921 my $pending = join(',', @changes);
2922 warn "found pending changes for '$pending', discarding for clone\n";
2923 delete $newconf->{pending};
2924 }
2925
2926 PVE::QemuConfig->write_config($newid, $newconf);
2927
2928 if ($target) {
2929 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2930 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
2931 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
2932
2933 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
2934 die "Failed to move config to node '$target' - rename failed: $!\n"
2935 if !rename($conffile, $newconffile);
2936 }
2937
2938 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2939 };
2940 if (my $err = $@) {
2941 eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) };
2942 sleep 1; # some storage like rbd need to wait before release volume - really?
2943
2944 foreach my $volid (@$newvollist) {
2945 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2946 warn $@ if $@;
2947 }
2948
2949 PVE::Firewall::remove_vmfw_conf($newid);
2950
2951 unlink $conffile; # avoid races -> last thing before die
2952
2953 die "clone failed: $err";
2954 }
2955
2956 return;
2957 };
2958
2959 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2960
2961 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2962 };
2963
2964 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
2965 # Aquire exclusive lock lock for $newid
2966 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
2967 });
2968
2969 }});
2970
2971 __PACKAGE__->register_method({
2972 name => 'move_vm_disk',
2973 path => '{vmid}/move_disk',
2974 method => 'POST',
2975 protected => 1,
2976 proxyto => 'node',
2977 description => "Move volume to different storage.",
2978 permissions => {
2979 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, and 'Datastore.AllocateSpace' permissions on the storage.",
2980 check => [ 'and',
2981 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2982 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2983 ],
2984 },
2985 parameters => {
2986 additionalProperties => 0,
2987 properties => {
2988 node => get_standard_option('pve-node'),
2989 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2990 disk => {
2991 type => 'string',
2992 description => "The disk you want to move.",
2993 enum => [ PVE::QemuServer::valid_drive_names() ],
2994 },
2995 storage => get_standard_option('pve-storage-id', {
2996 description => "Target storage.",
2997 completion => \&PVE::QemuServer::complete_storage,
2998 }),
2999 'format' => {
3000 type => 'string',
3001 description => "Target Format.",
3002 enum => [ 'raw', 'qcow2', 'vmdk' ],
3003 optional => 1,
3004 },
3005 delete => {
3006 type => 'boolean',
3007 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
3008 optional => 1,
3009 default => 0,
3010 },
3011 digest => {
3012 type => 'string',
3013 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
3014 maxLength => 40,
3015 optional => 1,
3016 },
3017 bwlimit => {
3018 description => "Override I/O bandwidth limit (in KiB/s).",
3019 optional => 1,
3020 type => 'integer',
3021 minimum => '0',
3022 default => 'move limit from datacenter or storage config',
3023 },
3024 },
3025 },
3026 returns => {
3027 type => 'string',
3028 description => "the task ID.",
3029 },
3030 code => sub {
3031 my ($param) = @_;
3032
3033 my $rpcenv = PVE::RPCEnvironment::get();
3034 my $authuser = $rpcenv->get_user();
3035
3036 my $node = extract_param($param, 'node');
3037 my $vmid = extract_param($param, 'vmid');
3038 my $digest = extract_param($param, 'digest');
3039 my $disk = extract_param($param, 'disk');
3040 my $storeid = extract_param($param, 'storage');
3041 my $format = extract_param($param, 'format');
3042
3043 my $storecfg = PVE::Storage::config();
3044
3045 my $updatefn = sub {
3046 my $conf = PVE::QemuConfig->load_config($vmid);
3047 PVE::QemuConfig->check_lock($conf);
3048
3049 die "VM config checksum missmatch (file change by other user?)\n"
3050 if $digest && $digest ne $conf->{digest};
3051
3052 die "disk '$disk' does not exist\n" if !$conf->{$disk};
3053
3054 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
3055
3056 die "disk '$disk' has no associated volume\n" if !$drive->{file};
3057 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive, 1);
3058
3059 my $old_volid = $drive->{file};
3060 my $oldfmt;
3061 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
3062 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
3063 $oldfmt = $1;
3064 }
3065
3066 die "you can't move to the same storage with same format\n" if $oldstoreid eq $storeid &&
3067 (!$format || !$oldfmt || $oldfmt eq $format);
3068
3069 # this only checks snapshots because $disk is passed!
3070 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
3071 die "you can't move a disk with snapshots and delete the source\n"
3072 if $snapshotted && $param->{delete};
3073
3074 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
3075
3076 my $running = PVE::QemuServer::check_running($vmid);
3077
3078 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
3079
3080 my $realcmd = sub {
3081 my $newvollist = [];
3082
3083 eval {
3084 local $SIG{INT} =
3085 local $SIG{TERM} =
3086 local $SIG{QUIT} =
3087 local $SIG{HUP} = sub { die "interrupted by signal\n"; };
3088
3089 warn "moving disk with snapshots, snapshots will not be moved!\n"
3090 if $snapshotted;
3091
3092 my $bwlimit = extract_param($param, 'bwlimit');
3093 my $movelimit = PVE::Storage::get_bandwidth_limit('move', [$oldstoreid, $storeid], $bwlimit);
3094
3095 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
3096 $vmid, $storeid, $format, 1, $newvollist, undef, undef, undef, $movelimit);
3097
3098 $conf->{$disk} = PVE::QemuServer::print_drive($newdrive);
3099
3100 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
3101
3102 # convert moved disk to base if part of template
3103 PVE::QemuServer::template_create($vmid, $conf, $disk)
3104 if PVE::QemuConfig->is_template($conf);
3105
3106 PVE::QemuConfig->write_config($vmid, $conf);
3107
3108 my $do_trim = PVE::QemuServer::parse_guest_agent($conf)->{fstrim_cloned_disks};
3109 if ($running && $do_trim && PVE::QemuServer::qga_check_running($vmid)) {
3110 eval { mon_cmd($vmid, "guest-fstrim") };
3111 }
3112
3113 eval {
3114 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
3115 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
3116 if !$running;
3117 };
3118 warn $@ if $@;
3119 };
3120 if (my $err = $@) {
3121 foreach my $volid (@$newvollist) {
3122 eval { PVE::Storage::vdisk_free($storecfg, $volid) };
3123 warn $@ if $@;
3124 }
3125 die "storage migration failed: $err";
3126 }
3127
3128 if ($param->{delete}) {
3129 eval {
3130 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
3131 PVE::Storage::vdisk_free($storecfg, $old_volid);
3132 };
3133 warn $@ if $@;
3134 }
3135 };
3136
3137 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
3138 };
3139
3140 return PVE::QemuConfig->lock_config($vmid, $updatefn);
3141 }});
3142
3143 my $check_vm_disks_local = sub {
3144 my ($storecfg, $vmconf, $vmid) = @_;
3145
3146 my $local_disks = {};
3147
3148 # add some more information to the disks e.g. cdrom
3149 PVE::QemuServer::foreach_volid($vmconf, sub {
3150 my ($volid, $attr) = @_;
3151
3152 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
3153 if ($storeid) {
3154 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
3155 return if $scfg->{shared};
3156 }
3157 # The shared attr here is just a special case where the vdisk
3158 # is marked as shared manually
3159 return if $attr->{shared};
3160 return if $attr->{cdrom} and $volid eq "none";
3161
3162 if (exists $local_disks->{$volid}) {
3163 @{$local_disks->{$volid}}{keys %$attr} = values %$attr
3164 } else {
3165 $local_disks->{$volid} = $attr;
3166 # ensure volid is present in case it's needed
3167 $local_disks->{$volid}->{volid} = $volid;
3168 }
3169 });
3170
3171 return $local_disks;
3172 };
3173
3174 __PACKAGE__->register_method({
3175 name => 'migrate_vm_precondition',
3176 path => '{vmid}/migrate',
3177 method => 'GET',
3178 protected => 1,
3179 proxyto => 'node',
3180 description => "Get preconditions for migration.",
3181 permissions => {
3182 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
3183 },
3184 parameters => {
3185 additionalProperties => 0,
3186 properties => {
3187 node => get_standard_option('pve-node'),
3188 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3189 target => get_standard_option('pve-node', {
3190 description => "Target node.",
3191 completion => \&PVE::Cluster::complete_migration_target,
3192 optional => 1,
3193 }),
3194 },
3195 },
3196 returns => {
3197 type => "object",
3198 properties => {
3199 running => { type => 'boolean' },
3200 allowed_nodes => {
3201 type => 'array',
3202 optional => 1,
3203 description => "List nodes allowed for offline migration, only passed if VM is offline"
3204 },
3205 not_allowed_nodes => {
3206 type => 'object',
3207 optional => 1,
3208 description => "List not allowed nodes with additional informations, only passed if VM is offline"
3209 },
3210 local_disks => {
3211 type => 'array',
3212 description => "List local disks including CD-Rom, unsused and not referenced disks"
3213 },
3214 local_resources => {
3215 type => 'array',
3216 description => "List local resources e.g. pci, usb"
3217 }
3218 },
3219 },
3220 code => sub {
3221 my ($param) = @_;
3222
3223 my $rpcenv = PVE::RPCEnvironment::get();
3224
3225 my $authuser = $rpcenv->get_user();
3226
3227 PVE::Cluster::check_cfs_quorum();
3228
3229 my $res = {};
3230
3231 my $vmid = extract_param($param, 'vmid');
3232 my $target = extract_param($param, 'target');
3233 my $localnode = PVE::INotify::nodename();
3234
3235
3236 # test if VM exists
3237 my $vmconf = PVE::QemuConfig->load_config($vmid);
3238 my $storecfg = PVE::Storage::config();
3239
3240
3241 # try to detect errors early
3242 PVE::QemuConfig->check_lock($vmconf);
3243
3244 $res->{running} = PVE::QemuServer::check_running($vmid) ? 1:0;
3245
3246 # if vm is not running, return target nodes where local storage is available
3247 # for offline migration
3248 if (!$res->{running}) {
3249 $res->{allowed_nodes} = [];
3250 my $checked_nodes = PVE::QemuServer::check_local_storage_availability($vmconf, $storecfg);
3251 delete $checked_nodes->{$localnode};
3252
3253 foreach my $node (keys %$checked_nodes) {
3254 if (!defined $checked_nodes->{$node}->{unavailable_storages}) {
3255 push @{$res->{allowed_nodes}}, $node;
3256 }
3257
3258 }
3259 $res->{not_allowed_nodes} = $checked_nodes;
3260 }
3261
3262
3263 my $local_disks = &$check_vm_disks_local($storecfg, $vmconf, $vmid);
3264 $res->{local_disks} = [ values %$local_disks ];;
3265
3266 my $local_resources = PVE::QemuServer::check_local_resources($vmconf, 1);
3267
3268 $res->{local_resources} = $local_resources;
3269
3270 return $res;
3271
3272
3273 }});
3274
3275 __PACKAGE__->register_method({
3276 name => 'migrate_vm',
3277 path => '{vmid}/migrate',
3278 method => 'POST',
3279 protected => 1,
3280 proxyto => 'node',
3281 description => "Migrate virtual machine. Creates a new migration task.",
3282 permissions => {
3283 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
3284 },
3285 parameters => {
3286 additionalProperties => 0,
3287 properties => {
3288 node => get_standard_option('pve-node'),
3289 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3290 target => get_standard_option('pve-node', {
3291 description => "Target node.",
3292 completion => \&PVE::Cluster::complete_migration_target,
3293 }),
3294 online => {
3295 type => 'boolean',
3296 description => "Use online/live migration if VM is running. Ignored if VM is stopped.",
3297 optional => 1,
3298 },
3299 force => {
3300 type => 'boolean',
3301 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
3302 optional => 1,
3303 },
3304 migration_type => {
3305 type => 'string',
3306 enum => ['secure', 'insecure'],
3307 description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.",
3308 optional => 1,
3309 },
3310 migration_network => {
3311 type => 'string', format => 'CIDR',
3312 description => "CIDR of the (sub) network that is used for migration.",
3313 optional => 1,
3314 },
3315 "with-local-disks" => {
3316 type => 'boolean',
3317 description => "Enable live storage migration for local disk",
3318 optional => 1,
3319 },
3320 targetstorage => get_standard_option('pve-storage-id', {
3321 description => "Default target storage.",
3322 optional => 1,
3323 completion => \&PVE::QemuServer::complete_migration_storage,
3324 }),
3325 bwlimit => {
3326 description => "Override I/O bandwidth limit (in KiB/s).",
3327 optional => 1,
3328 type => 'integer',
3329 minimum => '0',
3330 default => 'migrate limit from datacenter or storage config',
3331 },
3332 },
3333 },
3334 returns => {
3335 type => 'string',
3336 description => "the task ID.",
3337 },
3338 code => sub {
3339 my ($param) = @_;
3340
3341 my $rpcenv = PVE::RPCEnvironment::get();
3342 my $authuser = $rpcenv->get_user();
3343
3344 my $target = extract_param($param, 'target');
3345
3346 my $localnode = PVE::INotify::nodename();
3347 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
3348
3349 PVE::Cluster::check_cfs_quorum();
3350
3351 PVE::Cluster::check_node_exists($target);
3352
3353 my $targetip = PVE::Cluster::remote_node_ip($target);
3354
3355 my $vmid = extract_param($param, 'vmid');
3356
3357 raise_param_exc({ force => "Only root may use this option." })
3358 if $param->{force} && $authuser ne 'root@pam';
3359
3360 raise_param_exc({ migration_type => "Only root may use this option." })
3361 if $param->{migration_type} && $authuser ne 'root@pam';
3362
3363 # allow root only until better network permissions are available
3364 raise_param_exc({ migration_network => "Only root may use this option." })
3365 if $param->{migration_network} && $authuser ne 'root@pam';
3366
3367 # test if VM exists
3368 my $conf = PVE::QemuConfig->load_config($vmid);
3369
3370 # try to detect errors early
3371
3372 PVE::QemuConfig->check_lock($conf);
3373
3374 if (PVE::QemuServer::check_running($vmid)) {
3375 die "can't migrate running VM without --online\n" if !$param->{online};
3376 } else {
3377 warn "VM isn't running. Doing offline migration instead.\n" if $param->{online};
3378 $param->{online} = 0;
3379 }
3380
3381 raise_param_exc({ targetstorage => "Live storage migration can only be done online." })
3382 if !$param->{online} && $param->{targetstorage};
3383
3384 my $storecfg = PVE::Storage::config();
3385
3386 if( $param->{targetstorage}) {
3387 PVE::Storage::storage_check_node($storecfg, $param->{targetstorage}, $target);
3388 } else {
3389 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
3390 }
3391
3392 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
3393
3394 my $hacmd = sub {
3395 my $upid = shift;
3396
3397 print "Requesting HA migration for VM $vmid to node $target\n";
3398
3399 my $cmd = ['ha-manager', 'migrate', "vm:$vmid", $target];
3400 PVE::Tools::run_command($cmd);
3401 return;
3402 };
3403
3404 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
3405
3406 } else {
3407
3408 my $realcmd = sub {
3409 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
3410 };
3411
3412 my $worker = sub {
3413 return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
3414 };
3415
3416 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $worker);
3417 }
3418
3419 }});
3420
3421 __PACKAGE__->register_method({
3422 name => 'monitor',
3423 path => '{vmid}/monitor',
3424 method => 'POST',
3425 protected => 1,
3426 proxyto => 'node',
3427 description => "Execute Qemu monitor commands.",
3428 permissions => {
3429 description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
3430 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
3431 },
3432 parameters => {
3433 additionalProperties => 0,
3434 properties => {
3435 node => get_standard_option('pve-node'),
3436 vmid => get_standard_option('pve-vmid'),
3437 command => {
3438 type => 'string',
3439 description => "The monitor command.",
3440 }
3441 },
3442 },
3443 returns => { type => 'string'},
3444 code => sub {
3445 my ($param) = @_;
3446
3447 my $rpcenv = PVE::RPCEnvironment::get();
3448 my $authuser = $rpcenv->get_user();
3449
3450 my $is_ro = sub {
3451 my $command = shift;
3452 return $command =~ m/^\s*info(\s+|$)/
3453 || $command =~ m/^\s*help\s*$/;
3454 };
3455
3456 $rpcenv->check_full($authuser, "/", ['Sys.Modify'])
3457 if !&$is_ro($param->{command});
3458
3459 my $vmid = $param->{vmid};
3460
3461 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
3462
3463 my $res = '';
3464 eval {
3465 $res = PVE::QemuServer::Monitor::hmp_cmd($vmid, $param->{command});
3466 };
3467 $res = "ERROR: $@" if $@;
3468
3469 return $res;
3470 }});
3471
3472 __PACKAGE__->register_method({
3473 name => 'resize_vm',
3474 path => '{vmid}/resize',
3475 method => 'PUT',
3476 protected => 1,
3477 proxyto => 'node',
3478 description => "Extend volume size.",
3479 permissions => {
3480 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
3481 },
3482 parameters => {
3483 additionalProperties => 0,
3484 properties => {
3485 node => get_standard_option('pve-node'),
3486 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3487 skiplock => get_standard_option('skiplock'),
3488 disk => {
3489 type => 'string',
3490 description => "The disk you want to resize.",
3491 enum => [PVE::QemuServer::valid_drive_names()],
3492 },
3493 size => {
3494 type => 'string',
3495 pattern => '\+?\d+(\.\d+)?[KMGT]?',
3496 description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
3497 },
3498 digest => {
3499 type => 'string',
3500 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
3501 maxLength => 40,
3502 optional => 1,
3503 },
3504 },
3505 },
3506 returns => { type => 'null'},
3507 code => sub {
3508 my ($param) = @_;
3509
3510 my $rpcenv = PVE::RPCEnvironment::get();
3511
3512 my $authuser = $rpcenv->get_user();
3513
3514 my $node = extract_param($param, 'node');
3515
3516 my $vmid = extract_param($param, 'vmid');
3517
3518 my $digest = extract_param($param, 'digest');
3519
3520 my $disk = extract_param($param, 'disk');
3521
3522 my $sizestr = extract_param($param, 'size');
3523
3524 my $skiplock = extract_param($param, 'skiplock');
3525 raise_param_exc({ skiplock => "Only root may use this option." })
3526 if $skiplock && $authuser ne 'root@pam';
3527
3528 my $storecfg = PVE::Storage::config();
3529
3530 my $updatefn = sub {
3531
3532 my $conf = PVE::QemuConfig->load_config($vmid);
3533
3534 die "checksum missmatch (file change by other user?)\n"
3535 if $digest && $digest ne $conf->{digest};
3536 PVE::QemuConfig->check_lock($conf) if !$skiplock;
3537
3538 die "disk '$disk' does not exist\n" if !$conf->{$disk};
3539
3540 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
3541
3542 my (undef, undef, undef, undef, undef, undef, $format) =
3543 PVE::Storage::parse_volname($storecfg, $drive->{file});
3544
3545 die "can't resize volume: $disk if snapshot exists\n"
3546 if %{$conf->{snapshots}} && $format eq 'qcow2';
3547
3548 my $volid = $drive->{file};
3549
3550 die "disk '$disk' has no associated volume\n" if !$volid;
3551
3552 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
3553
3554 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
3555
3556 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
3557
3558 PVE::Storage::activate_volumes($storecfg, [$volid]);
3559 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
3560
3561 die "Could not determine current size of volume '$volid'\n" if !defined($size);
3562
3563 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
3564 my ($ext, $newsize, $unit) = ($1, $2, $4);
3565 if ($unit) {
3566 if ($unit eq 'K') {
3567 $newsize = $newsize * 1024;
3568 } elsif ($unit eq 'M') {
3569 $newsize = $newsize * 1024 * 1024;
3570 } elsif ($unit eq 'G') {
3571 $newsize = $newsize * 1024 * 1024 * 1024;
3572 } elsif ($unit eq 'T') {
3573 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
3574 }
3575 }
3576 $newsize += $size if $ext;
3577 $newsize = int($newsize);
3578
3579 die "shrinking disks is not supported\n" if $newsize < $size;
3580
3581 return if $size == $newsize;
3582
3583 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
3584
3585 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
3586
3587 $drive->{size} = $newsize;
3588 $conf->{$disk} = PVE::QemuServer::print_drive($drive);
3589
3590 PVE::QemuConfig->write_config($vmid, $conf);
3591 };
3592
3593 PVE::QemuConfig->lock_config($vmid, $updatefn);
3594 return undef;
3595 }});
3596
3597 __PACKAGE__->register_method({
3598 name => 'snapshot_list',
3599 path => '{vmid}/snapshot',
3600 method => 'GET',
3601 description => "List all snapshots.",
3602 permissions => {
3603 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
3604 },
3605 proxyto => 'node',
3606 protected => 1, # qemu pid files are only readable by root
3607 parameters => {
3608 additionalProperties => 0,
3609 properties => {
3610 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3611 node => get_standard_option('pve-node'),
3612 },
3613 },
3614 returns => {
3615 type => 'array',
3616 items => {
3617 type => "object",
3618 properties => {
3619 name => {
3620 description => "Snapshot identifier. Value 'current' identifies the current VM.",
3621 type => 'string',
3622 },
3623 vmstate => {
3624 description => "Snapshot includes RAM.",
3625 type => 'boolean',
3626 optional => 1,
3627 },
3628 description => {
3629 description => "Snapshot description.",
3630 type => 'string',
3631 },
3632 snaptime => {
3633 description => "Snapshot creation time",
3634 type => 'integer',
3635 renderer => 'timestamp',
3636 optional => 1,
3637 },
3638 parent => {
3639 description => "Parent snapshot identifier.",
3640 type => 'string',
3641 optional => 1,
3642 },
3643 },
3644 },
3645 links => [ { rel => 'child', href => "{name}" } ],
3646 },
3647 code => sub {
3648 my ($param) = @_;
3649
3650 my $vmid = $param->{vmid};
3651
3652 my $conf = PVE::QemuConfig->load_config($vmid);
3653 my $snaphash = $conf->{snapshots} || {};
3654
3655 my $res = [];
3656
3657 foreach my $name (keys %$snaphash) {
3658 my $d = $snaphash->{$name};
3659 my $item = {
3660 name => $name,
3661 snaptime => $d->{snaptime} || 0,
3662 vmstate => $d->{vmstate} ? 1 : 0,
3663 description => $d->{description} || '',
3664 };
3665 $item->{parent} = $d->{parent} if $d->{parent};
3666 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
3667 push @$res, $item;
3668 }
3669
3670 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
3671 my $current = {
3672 name => 'current',
3673 digest => $conf->{digest},
3674 running => $running,
3675 description => "You are here!",
3676 };
3677 $current->{parent} = $conf->{parent} if $conf->{parent};
3678
3679 push @$res, $current;
3680
3681 return $res;
3682 }});
3683
3684 __PACKAGE__->register_method({
3685 name => 'snapshot',
3686 path => '{vmid}/snapshot',
3687 method => 'POST',
3688 protected => 1,
3689 proxyto => 'node',
3690 description => "Snapshot a VM.",
3691 permissions => {
3692 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3693 },
3694 parameters => {
3695 additionalProperties => 0,
3696 properties => {
3697 node => get_standard_option('pve-node'),
3698 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3699 snapname => get_standard_option('pve-snapshot-name'),
3700 vmstate => {
3701 optional => 1,
3702 type => 'boolean',
3703 description => "Save the vmstate",
3704 },
3705 description => {
3706 optional => 1,
3707 type => 'string',
3708 description => "A textual description or comment.",
3709 },
3710 },
3711 },
3712 returns => {
3713 type => 'string',
3714 description => "the task ID.",
3715 },
3716 code => sub {
3717 my ($param) = @_;
3718
3719 my $rpcenv = PVE::RPCEnvironment::get();
3720
3721 my $authuser = $rpcenv->get_user();
3722
3723 my $node = extract_param($param, 'node');
3724
3725 my $vmid = extract_param($param, 'vmid');
3726
3727 my $snapname = extract_param($param, 'snapname');
3728
3729 die "unable to use snapshot name 'current' (reserved name)\n"
3730 if $snapname eq 'current';
3731
3732 die "unable to use snapshot name 'pending' (reserved name)\n"
3733 if lc($snapname) eq 'pending';
3734
3735 my $realcmd = sub {
3736 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
3737 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
3738 $param->{description});
3739 };
3740
3741 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
3742 }});
3743
3744 __PACKAGE__->register_method({
3745 name => 'snapshot_cmd_idx',
3746 path => '{vmid}/snapshot/{snapname}',
3747 description => '',
3748 method => 'GET',
3749 permissions => {
3750 user => 'all',
3751 },
3752 parameters => {
3753 additionalProperties => 0,
3754 properties => {
3755 vmid => get_standard_option('pve-vmid'),
3756 node => get_standard_option('pve-node'),
3757 snapname => get_standard_option('pve-snapshot-name'),
3758 },
3759 },
3760 returns => {
3761 type => 'array',
3762 items => {
3763 type => "object",
3764 properties => {},
3765 },
3766 links => [ { rel => 'child', href => "{cmd}" } ],
3767 },
3768 code => sub {
3769 my ($param) = @_;
3770
3771 my $res = [];
3772
3773 push @$res, { cmd => 'rollback' };
3774 push @$res, { cmd => 'config' };
3775
3776 return $res;
3777 }});
3778
3779 __PACKAGE__->register_method({
3780 name => 'update_snapshot_config',
3781 path => '{vmid}/snapshot/{snapname}/config',
3782 method => 'PUT',
3783 protected => 1,
3784 proxyto => 'node',
3785 description => "Update snapshot metadata.",
3786 permissions => {
3787 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3788 },
3789 parameters => {
3790 additionalProperties => 0,
3791 properties => {
3792 node => get_standard_option('pve-node'),
3793 vmid => get_standard_option('pve-vmid'),
3794 snapname => get_standard_option('pve-snapshot-name'),
3795 description => {
3796 optional => 1,
3797 type => 'string',
3798 description => "A textual description or comment.",
3799 },
3800 },
3801 },
3802 returns => { type => 'null' },
3803 code => sub {
3804 my ($param) = @_;
3805
3806 my $rpcenv = PVE::RPCEnvironment::get();
3807
3808 my $authuser = $rpcenv->get_user();
3809
3810 my $vmid = extract_param($param, 'vmid');
3811
3812 my $snapname = extract_param($param, 'snapname');
3813
3814 return undef if !defined($param->{description});
3815
3816 my $updatefn = sub {
3817
3818 my $conf = PVE::QemuConfig->load_config($vmid);
3819
3820 PVE::QemuConfig->check_lock($conf);
3821
3822 my $snap = $conf->{snapshots}->{$snapname};
3823
3824 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3825
3826 $snap->{description} = $param->{description} if defined($param->{description});
3827
3828 PVE::QemuConfig->write_config($vmid, $conf);
3829 };
3830
3831 PVE::QemuConfig->lock_config($vmid, $updatefn);
3832
3833 return undef;
3834 }});
3835
3836 __PACKAGE__->register_method({
3837 name => 'get_snapshot_config',
3838 path => '{vmid}/snapshot/{snapname}/config',
3839 method => 'GET',
3840 proxyto => 'node',
3841 description => "Get snapshot configuration",
3842 permissions => {
3843 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
3844 },
3845 parameters => {
3846 additionalProperties => 0,
3847 properties => {
3848 node => get_standard_option('pve-node'),
3849 vmid => get_standard_option('pve-vmid'),
3850 snapname => get_standard_option('pve-snapshot-name'),
3851 },
3852 },
3853 returns => { type => "object" },
3854 code => sub {
3855 my ($param) = @_;
3856
3857 my $rpcenv = PVE::RPCEnvironment::get();
3858
3859 my $authuser = $rpcenv->get_user();
3860
3861 my $vmid = extract_param($param, 'vmid');
3862
3863 my $snapname = extract_param($param, 'snapname');
3864
3865 my $conf = PVE::QemuConfig->load_config($vmid);
3866
3867 my $snap = $conf->{snapshots}->{$snapname};
3868
3869 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3870
3871 return $snap;
3872 }});
3873
3874 __PACKAGE__->register_method({
3875 name => 'rollback',
3876 path => '{vmid}/snapshot/{snapname}/rollback',
3877 method => 'POST',
3878 protected => 1,
3879 proxyto => 'node',
3880 description => "Rollback VM state to specified snapshot.",
3881 permissions => {
3882 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
3883 },
3884 parameters => {
3885 additionalProperties => 0,
3886 properties => {
3887 node => get_standard_option('pve-node'),
3888 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3889 snapname => get_standard_option('pve-snapshot-name'),
3890 },
3891 },
3892 returns => {
3893 type => 'string',
3894 description => "the task ID.",
3895 },
3896 code => sub {
3897 my ($param) = @_;
3898
3899 my $rpcenv = PVE::RPCEnvironment::get();
3900
3901 my $authuser = $rpcenv->get_user();
3902
3903 my $node = extract_param($param, 'node');
3904
3905 my $vmid = extract_param($param, 'vmid');
3906
3907 my $snapname = extract_param($param, 'snapname');
3908
3909 my $realcmd = sub {
3910 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3911 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
3912 };
3913
3914 my $worker = sub {
3915 # hold migration lock, this makes sure that nobody create replication snapshots
3916 return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
3917 };
3918
3919 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $worker);
3920 }});
3921
3922 __PACKAGE__->register_method({
3923 name => 'delsnapshot',
3924 path => '{vmid}/snapshot/{snapname}',
3925 method => 'DELETE',
3926 protected => 1,
3927 proxyto => 'node',
3928 description => "Delete a VM snapshot.",
3929 permissions => {
3930 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3931 },
3932 parameters => {
3933 additionalProperties => 0,
3934 properties => {
3935 node => get_standard_option('pve-node'),
3936 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3937 snapname => get_standard_option('pve-snapshot-name'),
3938 force => {
3939 optional => 1,
3940 type => 'boolean',
3941 description => "For removal from config file, even if removing disk snapshots fails.",
3942 },
3943 },
3944 },
3945 returns => {
3946 type => 'string',
3947 description => "the task ID.",
3948 },
3949 code => sub {
3950 my ($param) = @_;
3951
3952 my $rpcenv = PVE::RPCEnvironment::get();
3953
3954 my $authuser = $rpcenv->get_user();
3955
3956 my $node = extract_param($param, 'node');
3957
3958 my $vmid = extract_param($param, 'vmid');
3959
3960 my $snapname = extract_param($param, 'snapname');
3961
3962 my $realcmd = sub {
3963 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3964 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
3965 };
3966
3967 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3968 }});
3969
3970 __PACKAGE__->register_method({
3971 name => 'template',
3972 path => '{vmid}/template',
3973 method => 'POST',
3974 protected => 1,
3975 proxyto => 'node',
3976 description => "Create a Template.",
3977 permissions => {
3978 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3979 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3980 },
3981 parameters => {
3982 additionalProperties => 0,
3983 properties => {
3984 node => get_standard_option('pve-node'),
3985 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3986 disk => {
3987 optional => 1,
3988 type => 'string',
3989 description => "If you want to convert only 1 disk to base image.",
3990 enum => [PVE::QemuServer::valid_drive_names()],
3991 },
3992
3993 },
3994 },
3995 returns => { type => 'null'},
3996 code => sub {
3997 my ($param) = @_;
3998
3999 my $rpcenv = PVE::RPCEnvironment::get();
4000
4001 my $authuser = $rpcenv->get_user();
4002
4003 my $node = extract_param($param, 'node');
4004
4005 my $vmid = extract_param($param, 'vmid');
4006
4007 my $disk = extract_param($param, 'disk');
4008
4009 my $updatefn = sub {
4010
4011 my $conf = PVE::QemuConfig->load_config($vmid);
4012
4013 PVE::QemuConfig->check_lock($conf);
4014
4015 die "unable to create template, because VM contains snapshots\n"
4016 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
4017
4018 die "you can't convert a template to a template\n"
4019 if PVE::QemuConfig->is_template($conf) && !$disk;
4020
4021 die "you can't convert a VM to template if VM is running\n"
4022 if PVE::QemuServer::check_running($vmid);
4023
4024 my $realcmd = sub {
4025 PVE::QemuServer::template_create($vmid, $conf, $disk);
4026 };
4027
4028 $conf->{template} = 1;
4029 PVE::QemuConfig->write_config($vmid, $conf);
4030
4031 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
4032 };
4033
4034 PVE::QemuConfig->lock_config($vmid, $updatefn);
4035 return undef;
4036 }});
4037
4038 __PACKAGE__->register_method({
4039 name => 'cloudinit_generated_config_dump',
4040 path => '{vmid}/cloudinit/dump',
4041 method => 'GET',
4042 proxyto => 'node',
4043 description => "Get automatically generated cloudinit config.",
4044 permissions => {
4045 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
4046 },
4047 parameters => {
4048 additionalProperties => 0,
4049 properties => {
4050 node => get_standard_option('pve-node'),
4051 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
4052 type => {
4053 description => 'Config type.',
4054 type => 'string',
4055 enum => ['user', 'network', 'meta'],
4056 },
4057 },
4058 },
4059 returns => {
4060 type => 'string',
4061 },
4062 code => sub {
4063 my ($param) = @_;
4064
4065 my $conf = PVE::QemuConfig->load_config($param->{vmid});
4066
4067 return PVE::QemuServer::Cloudinit::dump_cloudinit_config($conf, $param->{vmid}, $param->{type});
4068 }});
4069
4070 1;
Virtual Machine Manager