1 package PVE
::API2
::Qemu
;
7 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);;
9 use PVE
::Tools
qw(extract_param);
10 use PVE
::Exception
qw(raise raise_param_exc);
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use PVE
::RPCEnvironment
;
17 use PVE
::AccessControl
;
20 use Data
::Dumper
; # fixme: remove
22 use base
qw(PVE::RESTHandler);
24 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
26 my $resolve_cdrom_alias = sub {
29 if (my $value = $param->{cdrom
}) {
30 $value .= ",media=cdrom" if $value !~ m/media=/;
31 $param->{ide2
} = $value;
32 delete $param->{cdrom
};
37 my $check_storage_access = sub {
38 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
40 PVE
::QemuServer
::foreach_drive
($settings, sub {
41 my ($ds, $drive) = @_;
43 my $isCDROM = PVE
::QemuServer
::drive_is_cdrom
($drive);
45 my $volid = $drive->{file
};
47 if (!$volid || $volid eq 'none') {
49 } elsif ($isCDROM && ($volid eq 'cdrom')) {
50 $rpcenv->check($authuser, "/", ['Sys.Console']);
51 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
52 my ($storeid, $size) = ($2 || $default_storage, $3);
53 die "no storage ID specified (and no default storage)\n" if !$storeid;
54 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
56 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
61 # Note: $pool is only needed when creating a VM, because pool permissions
62 # are automatically inherited if VM already exists inside a pool.
63 my $create_disks = sub {
64 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
69 PVE
::QemuServer
::foreach_drive
($settings, sub {
72 my $volid = $disk->{file
};
74 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
75 $res->{$ds} = $settings->{$ds};
76 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
77 my ($storeid, $size) = ($2 || $default_storage, $3);
78 die "no storage ID specified (and no default storage)\n" if !$storeid;
79 my $defformat = PVE
::Storage
::storage_default_format
($storecfg, $storeid);
80 my $fmt = $disk->{format
} || $defformat;
81 my $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storeid, $vmid,
82 $fmt, undef, $size*1024*1024);
83 $disk->{file
} = $volid;
84 push @$vollist, $volid;
85 delete $disk->{format
}; # no longer needed
86 $res->{$ds} = PVE
::QemuServer
::print_drive
($vmid, $disk);
88 my $path = $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
89 PVE
::Storage
::activate_volumes
($storecfg, [ $volid ]);
90 die "image '$path' does not exists\n" if (!(-f
$path || -b
$path));
91 $res->{$ds} = $settings->{$ds};
95 # free allocated images on error
97 syslog
('err', "VM $vmid creating disks failed");
98 foreach my $volid (@$vollist) {
99 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
105 # modify vm config if everything went well
106 foreach my $ds (keys %$res) {
107 $conf->{$ds} = $res->{$ds};
113 my $check_vm_modify_config_perm = sub {
114 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
116 return 1 if $authuser eq 'root@pam';
118 foreach my $opt (@$key_list) {
119 # disk checks need to be done somewhere else
120 next if PVE
::QemuServer
::valid_drivename
($opt);
122 if ($opt eq 'sockets' || $opt eq 'cores' ||
123 $opt eq 'cpu' || $opt eq 'smp' ||
124 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
125 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
126 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
127 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
128 } elsif ($opt eq 'memory' || $opt eq 'balloon') {
129 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
130 } elsif ($opt eq 'args' || $opt eq 'lock') {
131 die "only root can set '$opt' config\n";
132 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' ||
133 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet') {
134 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
135 } elsif ($opt =~ m/^net\d+$/) {
136 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
138 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
145 __PACKAGE__-
>register_method({
149 description
=> "Virtual machine index (per node).",
151 description
=> "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
155 protected
=> 1, # qemu pid files are only readable by root
157 additionalProperties
=> 0,
159 node
=> get_standard_option
('pve-node'),
168 links
=> [ { rel
=> 'child', href
=> "{vmid}" } ],
173 my $rpcenv = PVE
::RPCEnvironment
::get
();
174 my $authuser = $rpcenv->get_user();
176 my $vmstatus = PVE
::QemuServer
::vmstatus
();
179 foreach my $vmid (keys %$vmstatus) {
180 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
182 my $data = $vmstatus->{$vmid};
183 $data->{vmid
} = $vmid;
190 __PACKAGE__-
>register_method({
194 description
=> "Create or restore a virtual machine.",
196 description
=> "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
198 [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
199 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param
=> 'pool'],
205 additionalProperties
=> 0,
206 properties
=> PVE
::QemuServer
::json_config_properties
(
208 node
=> get_standard_option
('pve-node'),
209 vmid
=> get_standard_option
('pve-vmid'),
211 description
=> "The backup file.",
216 storage
=> get_standard_option
('pve-storage-id', {
217 description
=> "Default storage.",
223 description
=> "Allow to overwrite existing VM.",
224 requires
=> 'archive',
229 description
=> "Assign a unique random ethernet address.",
230 requires
=> 'archive',
234 type
=> 'string', format
=> 'pve-poolid',
235 description
=> "Add the VM to the specified pool.",
245 my $rpcenv = PVE
::RPCEnvironment
::get
();
247 my $authuser = $rpcenv->get_user();
249 my $node = extract_param
($param, 'node');
251 my $vmid = extract_param
($param, 'vmid');
253 my $archive = extract_param
($param, 'archive');
255 my $storage = extract_param
($param, 'storage');
257 my $force = extract_param
($param, 'force');
259 my $unique = extract_param
($param, 'unique');
261 my $pool = extract_param
($param, 'pool');
263 my $filename = PVE
::QemuServer
::config_file
($vmid);
265 my $storecfg = PVE
::Storage
::config
();
267 PVE
::Cluster
::check_cfs_quorum
();
269 if (defined($pool)) {
270 $rpcenv->check_pool_exist($pool);
271 $rpcenv->check_perm_modify($authuser, "/pool/$pool");
274 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
275 if defined($storage);
278 &$resolve_cdrom_alias($param);
280 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
282 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
284 foreach my $opt (keys %$param) {
285 if (PVE
::QemuServer
::valid_drivename
($opt)) {
286 my $drive = PVE
::QemuServer
::parse_drive
($opt, $param->{$opt});
287 raise_param_exc
({ $opt => "unable to parse drive options" }) if !$drive;
289 PVE
::QemuServer
::cleanup_drive_path
($opt, $storecfg, $drive);
290 $param->{$opt} = PVE
::QemuServer
::print_drive
($vmid, $drive);
294 PVE
::QemuServer
::add_random_macs
($param);
296 my $keystr = join(' ', keys %$param);
297 raise_param_exc
({ archive
=> "option conflicts with other options ($keystr)"}) if $keystr;
299 if ($archive eq '-') {
300 die "pipe requires cli environment\n"
301 && $rpcenv->{type
} ne 'cli';
303 my $path = $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
304 PVE
::Storage
::activate_volumes
($storecfg, [ $archive ]);
305 die "can't find archive file '$archive'\n" if !($path && -f
$path);
310 my $addVMtoPoolFn = sub {
311 my $usercfg = cfs_read_file
("user.cfg");
312 if (my $data = $usercfg->{pools
}->{$pool}) {
313 $data->{vms
}->{$vmid} = 1;
314 $usercfg->{vms
}->{$vmid} = $pool;
315 cfs_write_file
("user.cfg", $usercfg);
319 my $restorefn = sub {
322 die "unable to restore vm $vmid: config file already exists\n"
325 die "unable to restore vm $vmid: vm is running\n"
326 if PVE
::QemuServer
::check_running
($vmid);
328 # destroy existing data - keep empty config
329 PVE
::QemuServer
::destroy_vm
($storecfg, $vmid, 1);
333 PVE
::QemuServer
::restore_archive
($archive, $vmid, $authuser, {
336 unique
=> $unique });
338 PVE
::AccessControl
::lock_user_config
($addVMtoPoolFn, "can't add VM to pool") if $pool;
341 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
347 die "unable to create vm $vmid: config file already exists\n"
358 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
360 # try to be smart about bootdisk
361 my @disks = PVE
::QemuServer
::disknames
();
363 foreach my $ds (reverse @disks) {
364 next if !$conf->{$ds};
365 my $disk = PVE
::QemuServer
::parse_drive
($ds, $conf->{$ds});
366 next if PVE
::QemuServer
::drive_is_cdrom
($disk);
370 if (!$conf->{bootdisk
} && $firstdisk) {
371 $conf->{bootdisk
} = $firstdisk;
374 PVE
::QemuServer
::update_config_nolock
($vmid, $conf);
380 foreach my $volid (@$vollist) {
381 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
384 die "create failed - $err";
387 PVE
::AccessControl
::lock_user_config
($addVMtoPoolFn, "can't add VM to pool") if $pool;
390 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
393 return PVE
::QemuServer
::lock_config_full
($vmid, 1, $archive ?
$restorefn : $createfn);
396 __PACKAGE__-
>register_method({
401 description
=> "Directory index",
406 additionalProperties
=> 0,
408 node
=> get_standard_option
('pve-node'),
409 vmid
=> get_standard_option
('pve-vmid'),
417 subdir
=> { type
=> 'string' },
420 links
=> [ { rel
=> 'child', href
=> "{subdir}" } ],
426 { subdir
=> 'config' },
427 { subdir
=> 'status' },
428 { subdir
=> 'unlink' },
429 { subdir
=> 'vncproxy' },
430 { subdir
=> 'migrate' },
432 { subdir
=> 'rrddata' },
433 { subdir
=> 'monitor' },
439 __PACKAGE__-
>register_method({
441 path
=> '{vmid}/rrd',
443 protected
=> 1, # fixme: can we avoid that?
445 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
447 description
=> "Read VM RRD statistics (returns PNG)",
449 additionalProperties
=> 0,
451 node
=> get_standard_option
('pve-node'),
452 vmid
=> get_standard_option
('pve-vmid'),
454 description
=> "Specify the time frame you are interested in.",
456 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
459 description
=> "The list of datasources you want to display.",
460 type
=> 'string', format
=> 'pve-configid-list',
463 description
=> "The RRD consolidation function",
465 enum
=> [ 'AVERAGE', 'MAX' ],
473 filename
=> { type
=> 'string' },
479 return PVE
::Cluster
::create_rrd_graph
(
480 "pve2-vm/$param->{vmid}", $param->{timeframe
},
481 $param->{ds
}, $param->{cf
});
485 __PACKAGE__-
>register_method({
487 path
=> '{vmid}/rrddata',
489 protected
=> 1, # fixme: can we avoid that?
491 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
493 description
=> "Read VM RRD statistics",
495 additionalProperties
=> 0,
497 node
=> get_standard_option
('pve-node'),
498 vmid
=> get_standard_option
('pve-vmid'),
500 description
=> "Specify the time frame you are interested in.",
502 enum
=> [ 'hour', 'day', 'week', 'month', 'year' ],
505 description
=> "The RRD consolidation function",
507 enum
=> [ 'AVERAGE', 'MAX' ],
522 return PVE
::Cluster
::create_rrd_data
(
523 "pve2-vm/$param->{vmid}", $param->{timeframe
}, $param->{cf
});
527 __PACKAGE__-
>register_method({
529 path
=> '{vmid}/config',
532 description
=> "Get virtual machine configuration.",
534 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
537 additionalProperties
=> 0,
539 node
=> get_standard_option
('pve-node'),
540 vmid
=> get_standard_option
('pve-vmid'),
548 description
=> 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
555 my $conf = PVE
::QemuServer
::load_config
($param->{vmid
});
560 my $vm_is_volid_owner = sub {
561 my ($storecfg, $vmid, $volid) =@_;
563 if ($volid !~ m
|^/|) {
565 eval { ($path, $owner) = PVE
::Storage
::path
($storecfg, $volid); };
566 if ($owner && ($owner == $vmid)) {
574 my $test_deallocate_drive = sub {
575 my ($storecfg, $vmid, $key, $drive, $force) = @_;
577 if (!PVE
::QemuServer
::drive_is_cdrom
($drive)) {
578 my $volid = $drive->{file
};
579 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
580 if ($force || $key =~ m/^unused/) {
581 my $sid = PVE
::Storage
::parse_volume_id
($volid);
590 my $delete_drive = sub {
591 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
593 if (!PVE
::QemuServer
::drive_is_cdrom
($drive)) {
594 my $volid = $drive->{file
};
595 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
596 if ($force || $key =~ m/^unused/) {
597 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
600 PVE
::QemuServer
::add_unused_volume
($conf, $volid, $vmid);
605 delete $conf->{$key};
608 my $vmconfig_delete_option = sub {
609 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
611 return if !defined($conf->{$opt});
613 my $isDisk = PVE
::QemuServer
::valid_drivename
($opt)|| ($opt =~ m/^unused/);
616 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
618 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
619 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
620 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.Allocate']);
624 die "error hot-unplug $opt" if !PVE
::QemuServer
::vm_deviceunplug
($vmid, $conf, $opt);
627 my $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
628 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
630 delete $conf->{$opt};
633 PVE
::QemuServer
::update_config_nolock
($vmid, $conf, 1);
636 my $vmconfig_update_disk = sub {
637 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
639 my $drive = PVE
::QemuServer
::parse_drive
($opt, $value);
641 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) { #cdrom
642 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
644 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
649 if (my $old_drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt})) {
651 my $media = $drive->{media
} || 'disk';
652 my $oldmedia = $old_drive->{media
} || 'disk';
653 die "unable to change media type\n" if $media ne $oldmedia;
655 if (!PVE
::QemuServer
::drive_is_cdrom
($old_drive) &&
656 ($drive->{file
} ne $old_drive->{file
})) { # delete old disks
658 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
659 $conf = PVE
::QemuServer
::load_config
($vmid); # update/reload
664 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
665 PVE
::QemuServer
::update_config_nolock
($vmid, $conf, 1);
667 $conf = PVE
::QemuServer
::load_config
($vmid); # update/reload
668 $drive = PVE
::QemuServer
::parse_drive
($opt, $conf->{$opt});
670 if (PVE
::QemuServer
::drive_is_cdrom
($drive)) { # cdrom
672 if (PVE
::QemuServer
::check_running
($vmid)) {
673 if ($drive->{file
} eq 'none') {
674 PVE
::QemuServer
::vm_monitor_command
($vmid, "eject -f drive-$opt", 0);
676 my $path = PVE
::QemuServer
::get_iso_path
($storecfg, $vmid, $drive->{file
});
677 PVE
::QemuServer
::vm_monitor_command
($vmid, "eject -f drive-$opt", 0); #force eject if locked
678 PVE
::QemuServer
::vm_monitor_command
($vmid, "change drive-$opt \"$path\"", 0) if $path;
682 } else { # hotplug new disks
684 die "error hotplug
$opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
688 my $vmconfig_update_net = sub {
689 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value) = @_;
692 #if online update, then unplug first
693 die "error hot-unplug
$opt for update
" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
696 $conf->{$opt} = $value;
697 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
698 $conf = PVE::QemuServer::load_config($vmid); # update/reload
700 my $net = PVE::QemuServer::parse_net($conf->{$opt});
702 die "error hotplug
$opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $net);
705 my $vm_config_perm_list = [
715 __PACKAGE__->register_method({
717 path => '{vmid}/config',
721 description => "Set virtual machine options
.",
723 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
726 additionalProperties => 0,
727 properties => PVE::QemuServer::json_config_properties(
729 node => get_standard_option('pve-node'),
730 vmid => get_standard_option('pve-vmid'),
731 skiplock => get_standard_option('skiplock'),
733 type => 'string', format => 'pve-configid-list',
734 description => "A list of settings you want to
delete.",
739 description => $opt_force_description,
741 requires => 'delete',
745 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
751 returns => { type => 'null'},
755 my $rpcenv = PVE::RPCEnvironment::get();
757 my $authuser = $rpcenv->get_user();
759 my $node = extract_param($param, 'node');
761 my $vmid = extract_param($param, 'vmid');
763 my $digest = extract_param($param, 'digest');
765 my @paramarr = (); # used for log message
766 foreach my $key (keys %$param) {
767 push @paramarr, "-$key", $param->{$key};
770 my $skiplock = extract_param($param, 'skiplock');
771 raise_param_exc({ skiplock => "Only root may
use this option
." })
772 if $skiplock && $authuser ne 'root@pam';
774 my $delete_str = extract_param($param, 'delete');
776 my $force = extract_param($param, 'force');
778 die "no options specified
\n" if !$delete_str && !scalar(keys %$param);
780 my $storecfg = PVE::Storage::config();
782 &$resolve_cdrom_alias($param);
784 # now try to verify all parameters
787 foreach my $opt (PVE::Tools::split_list($delete_str)) {
788 $opt = 'ide2' if $opt eq 'cdrom';
789 raise_param_exc({ delete => "you can
't use '-$opt' and " .
790 "-delete $opt' at the same
time" })
791 if defined($param->{$opt});
793 if (!PVE::QemuServer::option_exists($opt)) {
794 raise_param_exc({ delete => "unknown option
'$opt'" });
800 foreach my $opt (keys %$param) {
801 if (PVE::QemuServer::valid_drivename($opt)) {
803 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
804 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
805 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
806 } elsif ($opt =~ m/^net(\d+)$/) {
808 my $net = PVE::QemuServer::parse_net($param->{$opt});
809 $param->{$opt} = PVE::QemuServer::print_net($net);
813 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
815 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
817 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
821 my $conf = PVE::QemuServer::load_config($vmid);
823 die "checksum missmatch
(file change by other user?
)\n"
824 if $digest && $digest ne $conf->{digest};
826 PVE::QemuServer::check_lock($conf) if !$skiplock;
828 PVE::Cluster::log_msg('info', $authuser, "update VM
$vmid: " . join (' ', @paramarr));
830 foreach my $opt (@delete) { # delete
831 $conf = PVE::QemuServer::load_config($vmid); # update/reload
832 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
835 foreach my $opt (keys %$param) { # add/change
837 $conf = PVE::QemuServer::load_config($vmid); # update/reload
839 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
841 if (PVE::QemuServer::valid_drivename($opt)) {
843 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
844 $opt, $param->{$opt}, $force);
846 } elsif ($opt =~ m/^net(\d+)$/) { #nics
848 &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
849 $opt, $param->{$opt});
853 $conf->{$opt} = $param->{$opt};
854 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
859 PVE::QemuServer::lock_config($vmid, $updatefn);
865 __PACKAGE__->register_method({
866 name => 'destroy_vm',
871 description => "Destroy the vm
(also
delete all used
/owned volumes
).",
873 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
876 additionalProperties => 0,
878 node => get_standard_option('pve-node'),
879 vmid => get_standard_option('pve-vmid'),
880 skiplock => get_standard_option('skiplock'),
889 my $rpcenv = PVE::RPCEnvironment::get();
891 my $authuser = $rpcenv->get_user();
893 my $vmid = $param->{vmid};
895 my $skiplock = $param->{skiplock};
896 raise_param_exc({ skiplock => "Only root may
use this option
." })
897 if $skiplock && $authuser ne 'root@pam';
900 my $conf = PVE::QemuServer::load_config($vmid);
902 my $storecfg = PVE::Storage::config();
904 my $delVMfromPoolFn = sub {
905 my $usercfg = cfs_read_file("user
.cfg
");
906 my $pool = $usercfg->{vms}->{$vmid};
907 if (my $data = $usercfg->{pools}->{$pool}) {
908 delete $data->{vms}->{$vmid};
909 delete $usercfg->{vms}->{$vmid};
910 cfs_write_file("user
.cfg
", $usercfg);
917 syslog('info', "destroy VM
$vmid: $upid\n");
919 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
921 PVE::AccessControl::lock_user_config($delVMfromPoolFn, "pool cleanup failed
");
924 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
927 __PACKAGE__->register_method({
929 path => '{vmid}/unlink',
933 description => "Unlink
/delete disk images
.",
935 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
938 additionalProperties => 0,
940 node => get_standard_option('pve-node'),
941 vmid => get_standard_option('pve-vmid'),
943 type => 'string', format => 'pve-configid-list',
944 description => "A list of disk IDs you want to
delete.",
948 description => $opt_force_description,
953 returns => { type => 'null'},
957 $param->{delete} = extract_param($param, 'idlist');
959 __PACKAGE__->update_vm($param);
966 __PACKAGE__->register_method({
968 path => '{vmid}/vncproxy',
972 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
974 description => "Creates a TCP VNC proxy connections
.",
976 additionalProperties => 0,
978 node => get_standard_option('pve-node'),
979 vmid => get_standard_option('pve-vmid'),
983 additionalProperties => 0,
985 user => { type => 'string' },
986 ticket => { type => 'string' },
987 cert => { type => 'string' },
988 port => { type => 'integer' },
989 upid => { type => 'string' },
995 my $rpcenv = PVE::RPCEnvironment::get();
997 my $authuser = $rpcenv->get_user();
999 my $vmid = $param->{vmid};
1000 my $node = $param->{node};
1002 my $authpath = "/vms/$vmid";
1004 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1006 $sslcert = PVE::Tools::file_get_contents("/etc/pve
/pve-root-ca
.pem
", 8192)
1009 my $port = PVE::Tools::next_vnc_port();
1013 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1014 $remip = PVE::Cluster::remote_node_ip($node);
1017 # NOTE: kvm VNC traffic is already TLS encrypted,
1018 # so we select the fastest chipher here (or 'none'?)
1019 my $remcmd = $remip ? ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
1020 '-c', 'blowfish-cbc', $remip] : [];
1027 syslog('info', "starting vnc proxy
$upid\n");
1029 my $qmcmd = [@$remcmd, "/usr/sbin
/qm
", 'vncproxy', $vmid];
1031 my $qmstr = join(' ', @$qmcmd);
1033 # also redirect stderr (else we get RFB protocol errors)
1034 my $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null
"];
1036 PVE::Tools::run_command($cmd);
1041 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1052 __PACKAGE__->register_method({
1054 path => '{vmid}/status',
1057 description => "Directory
index",
1062 additionalProperties => 0,
1064 node => get_standard_option('pve-node'),
1065 vmid => get_standard_option('pve-vmid'),
1073 subdir => { type => 'string' },
1076 links => [ { rel => 'child', href => "{subdir
}" } ],
1082 my $conf = PVE::QemuServer::load_config($param->{vmid});
1085 { subdir => 'current' },
1086 { subdir => 'start' },
1087 { subdir => 'stop' },
1093 my $vm_is_ha_managed = sub {
1096 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1097 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $vmid, 1)) {
1103 __PACKAGE__->register_method({
1104 name => 'vm_status',
1105 path => '{vmid}/status/current',
1108 protected => 1, # qemu pid files are only readable by root
1109 description => "Get virtual machine status
.",
1111 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1114 additionalProperties => 0,
1116 node => get_standard_option('pve-node'),
1117 vmid => get_standard_option('pve-vmid'),
1120 returns => { type => 'object' },
1125 my $conf = PVE::QemuServer::load_config($param->{vmid});
1127 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid});
1128 my $status = $vmstatus->{$param->{vmid}};
1130 $status->{ha} = &$vm_is_ha_managed($param->{vmid});
1135 __PACKAGE__->register_method({
1137 path => '{vmid}/status/start',
1141 description => "Start virtual machine
.",
1143 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1146 additionalProperties => 0,
1148 node => get_standard_option('pve-node'),
1149 vmid => get_standard_option('pve-vmid'),
1150 skiplock => get_standard_option('skiplock'),
1151 stateuri => get_standard_option('pve-qm-stateuri'),
1160 my $rpcenv = PVE::RPCEnvironment::get();
1162 my $authuser = $rpcenv->get_user();
1164 my $node = extract_param($param, 'node');
1166 my $vmid = extract_param($param, 'vmid');
1168 my $stateuri = extract_param($param, 'stateuri');
1169 raise_param_exc({ stateuri => "Only root may
use this option
." })
1170 if $stateuri && $authuser ne 'root@pam';
1172 my $skiplock = extract_param($param, 'skiplock');
1173 raise_param_exc({ skiplock => "Only root may
use this option
." })
1174 if $skiplock && $authuser ne 'root@pam';
1176 my $storecfg = PVE::Storage::config();
1178 if (&$vm_is_ha_managed($vmid) && !$stateuri &&
1179 $rpcenv->{type} ne 'ha') {
1184 my $service = "pvevm
:$vmid";
1186 my $cmd = ['clusvcadm', '-e', $service, '-m', $node];
1188 print "Executing HA start
for VM
$vmid\n";
1190 PVE::Tools::run_command($cmd);
1195 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1202 syslog('info', "start VM
$vmid: $upid\n");
1204 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock);
1209 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1213 __PACKAGE__->register_method({
1215 path => '{vmid}/status/stop',
1219 description => "Stop virtual machine
.",
1221 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1224 additionalProperties => 0,
1226 node => get_standard_option('pve-node'),
1227 vmid => get_standard_option('pve-vmid'),
1228 skiplock => get_standard_option('skiplock'),
1230 description => "Wait maximal timeout seconds
.",
1236 description => "Do
not decativate storage volumes
.",
1249 my $rpcenv = PVE::RPCEnvironment::get();
1251 my $authuser = $rpcenv->get_user();
1253 my $node = extract_param($param, 'node');
1255 my $vmid = extract_param($param, 'vmid');
1257 my $skiplock = extract_param($param, 'skiplock');
1258 raise_param_exc({ skiplock => "Only root may
use this option
." })
1259 if $skiplock && $authuser ne 'root@pam';
1261 my $keepActive = extract_param($param, 'keepActive');
1262 raise_param_exc({ keepActive => "Only root may
use this option
." })
1263 if $keepActive && $authuser ne 'root@pam';
1265 my $storecfg = PVE::Storage::config();
1267 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
1272 my $service = "pvevm
:$vmid";
1274 my $cmd = ['clusvcadm', '-d', $service];
1276 print "Executing HA stop
for VM
$vmid\n";
1278 PVE::Tools::run_command($cmd);
1283 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1289 syslog('info', "stop VM
$vmid: $upid\n");
1291 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1292 $param->{timeout}, 0, 1, $keepActive);
1297 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1301 __PACKAGE__->register_method({
1303 path => '{vmid}/status/reset',
1307 description => "Reset virtual machine
.",
1309 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1312 additionalProperties => 0,
1314 node => get_standard_option('pve-node'),
1315 vmid => get_standard_option('pve-vmid'),
1316 skiplock => get_standard_option('skiplock'),
1325 my $rpcenv = PVE::RPCEnvironment::get();
1327 my $authuser = $rpcenv->get_user();
1329 my $node = extract_param($param, 'node');
1331 my $vmid = extract_param($param, 'vmid');
1333 my $skiplock = extract_param($param, 'skiplock');
1334 raise_param_exc({ skiplock => "Only root may
use this option
." })
1335 if $skiplock && $authuser ne 'root@pam';
1337 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1342 PVE::QemuServer::vm_reset($vmid, $skiplock);
1347 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1350 __PACKAGE__->register_method({
1351 name => 'vm_shutdown',
1352 path => '{vmid}/status/shutdown',
1356 description => "Shutdown virtual machine
.",
1358 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1361 additionalProperties => 0,
1363 node => get_standard_option('pve-node'),
1364 vmid => get_standard_option('pve-vmid'),
1365 skiplock => get_standard_option('skiplock'),
1367 description => "Wait maximal timeout seconds
.",
1373 description => "Make sure the VM stops
.",
1379 description => "Do
not decativate storage volumes
.",
1392 my $rpcenv = PVE::RPCEnvironment::get();
1394 my $authuser = $rpcenv->get_user();
1396 my $node = extract_param($param, 'node');
1398 my $vmid = extract_param($param, 'vmid');
1400 my $skiplock = extract_param($param, 'skiplock');
1401 raise_param_exc({ skiplock => "Only root may
use this option
." })
1402 if $skiplock && $authuser ne 'root@pam';
1404 my $keepActive = extract_param($param, 'keepActive');
1405 raise_param_exc({ keepActive => "Only root may
use this option
." })
1406 if $keepActive && $authuser ne 'root@pam';
1408 my $storecfg = PVE::Storage::config();
1413 syslog('info', "shutdown VM
$vmid: $upid\n");
1415 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1416 1, $param->{forceStop}, $keepActive);
1421 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1424 __PACKAGE__->register_method({
1425 name => 'vm_suspend',
1426 path => '{vmid}/status/suspend',
1430 description => "Suspend virtual machine
.",
1432 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1435 additionalProperties => 0,
1437 node => get_standard_option('pve-node'),
1438 vmid => get_standard_option('pve-vmid'),
1439 skiplock => get_standard_option('skiplock'),
1448 my $rpcenv = PVE::RPCEnvironment::get();
1450 my $authuser = $rpcenv->get_user();
1452 my $node = extract_param($param, 'node');
1454 my $vmid = extract_param($param, 'vmid');
1456 my $skiplock = extract_param($param, 'skiplock');
1457 raise_param_exc({ skiplock => "Only root may
use this option
." })
1458 if $skiplock && $authuser ne 'root@pam';
1460 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1465 syslog('info', "suspend VM
$vmid: $upid\n");
1467 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1472 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1475 __PACKAGE__->register_method({
1476 name => 'vm_resume',
1477 path => '{vmid}/status/resume',
1481 description => "Resume virtual machine
.",
1483 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1486 additionalProperties => 0,
1488 node => get_standard_option('pve-node'),
1489 vmid => get_standard_option('pve-vmid'),
1490 skiplock => get_standard_option('skiplock'),
1499 my $rpcenv = PVE::RPCEnvironment::get();
1501 my $authuser = $rpcenv->get_user();
1503 my $node = extract_param($param, 'node');
1505 my $vmid = extract_param($param, 'vmid');
1507 my $skiplock = extract_param($param, 'skiplock');
1508 raise_param_exc({ skiplock => "Only root may
use this option
." })
1509 if $skiplock && $authuser ne 'root@pam';
1511 die "VM
$vmid not running
\n" if !PVE::QemuServer::check_running($vmid);
1516 syslog('info', "resume VM
$vmid: $upid\n");
1518 PVE::QemuServer::vm_resume($vmid, $skiplock);
1523 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1526 __PACKAGE__->register_method({
1527 name => 'vm_sendkey',
1528 path => '{vmid}/sendkey',
1532 description => "Send key event to virtual machine
.",
1534 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1537 additionalProperties => 0,
1539 node => get_standard_option('pve-node'),
1540 vmid => get_standard_option('pve-vmid'),
1541 skiplock => get_standard_option('skiplock'),
1543 description => "The key
(qemu monitor encoding
).",
1548 returns => { type => 'null'},
1552 my $rpcenv = PVE::RPCEnvironment::get();
1554 my $authuser = $rpcenv->get_user();
1556 my $node = extract_param($param, 'node');
1558 my $vmid = extract_param($param, 'vmid');
1560 my $skiplock = extract_param($param, 'skiplock');
1561 raise_param_exc({ skiplock => "Only root may
use this option
." })
1562 if $skiplock && $authuser ne 'root@pam';
1564 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1569 __PACKAGE__->register_method({
1570 name => 'migrate_vm',
1571 path => '{vmid}/migrate',
1575 description => "Migrate virtual machine
. Creates a new migration task
.",
1577 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
1580 additionalProperties => 0,
1582 node => get_standard_option('pve-node'),
1583 vmid => get_standard_option('pve-vmid'),
1584 target => get_standard_option('pve-node', { description => "Target node
." }),
1587 description => "Use online
/live migration
.",
1592 description => "Allow to migrate VMs which
use local devices
. Only root may
use this option
.",
1599 description => "the task ID
.",
1604 my $rpcenv = PVE::RPCEnvironment::get();
1606 my $authuser = $rpcenv->get_user();
1608 my $target = extract_param($param, 'target');
1610 my $localnode = PVE::INotify::nodename();
1611 raise_param_exc({ target => "target
is local node
."}) if $target eq $localnode;
1613 PVE::Cluster::check_cfs_quorum();
1615 PVE::Cluster::check_node_exists($target);
1617 my $targetip = PVE::Cluster::remote_node_ip($target);
1619 my $vmid = extract_param($param, 'vmid');
1621 raise_param_exc({ force => "Only root may
use this option
." })
1622 if $param->{force} && $authuser ne 'root@pam';
1625 my $conf = PVE::QemuServer::load_config($vmid);
1627 # try to detect errors early
1629 PVE::QemuServer::check_lock($conf);
1631 if (PVE::QemuServer::check_running($vmid)) {
1632 die "cant migrate running VM without
--online
\n"
1633 if !$param->{online};
1636 my $storecfg = PVE::Storage::config();
1637 PVE::QemuServer::check_storage_availability($storecfg, $conf, "test
");
1639 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
1644 my $service = "pvevm
:$vmid";
1646 my $cmd = ['clusvcadm', '-M', $service, '-m', $target];
1648 print "Executing HA migrate
for VM
$vmid to node
$target\n";
1650 PVE::Tools::run_command($cmd);
1655 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
1662 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
1665 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
1670 __PACKAGE__->register_method({
1672 path => '{vmid}/monitor',
1676 description => "Execute Qemu monitor commands
.",
1678 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
1681 additionalProperties => 0,
1683 node => get_standard_option('pve-node'),
1684 vmid => get_standard_option('pve-vmid'),
1687 description => "The monitor command
.",
1691 returns => { type => 'string'},
1695 my $vmid = $param->{vmid};
1697 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
1701 $res = PVE::QemuServer::vm_monitor_command($vmid, $param->{command});
1703 $res = "ERROR
: $@" if $@;