]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
api: vm clone: remove cloned FW conf in error cleanup path
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use POSIX;
8 use IO::Socket::IP;
9 use URI::Escape;
10
11 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
12 use PVE::RRD;
13 use PVE::SafeSyslog;
14 use PVE::Tools qw(extract_param);
15 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
16 use PVE::Storage;
17 use PVE::JSONSchema qw(get_standard_option);
18 use PVE::RESTHandler;
19 use PVE::ReplicationConfig;
20 use PVE::GuestHelpers;
21 use PVE::QemuConfig;
22 use PVE::QemuServer;
23 use PVE::QemuServer::Monitor qw(mon_cmd);
24 use PVE::QemuMigrate;
25 use PVE::RPCEnvironment;
26 use PVE::AccessControl;
27 use PVE::INotify;
28 use PVE::Network;
29 use PVE::Firewall;
30 use PVE::API2::Firewall::VM;
31 use PVE::API2::Qemu::Agent;
32 use PVE::VZDump::Plugin;
33 use PVE::DataCenterConfig;
34 use PVE::SSHInfo;
35
36 BEGIN {
37 if (!$ENV{PVE_GENERATING_DOCS}) {
38 require PVE::HA::Env::PVE2;
39 import PVE::HA::Env::PVE2;
40 require PVE::HA::Config;
41 import PVE::HA::Config;
42 }
43 }
44
45 use Data::Dumper; # fixme: remove
46
47 use base qw(PVE::RESTHandler);
48
49 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
50
51 my $resolve_cdrom_alias = sub {
52 my $param = shift;
53
54 if (my $value = $param->{cdrom}) {
55 $value .= ",media=cdrom" if $value !~ m/media=/;
56 $param->{ide2} = $value;
57 delete $param->{cdrom};
58 }
59 };
60
61 my $NEW_DISK_RE = qr!^(([^/:\s]+):)?(\d+(\.\d+)?)$!;
62 my $check_storage_access = sub {
63 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
64
65 PVE::QemuServer::foreach_drive($settings, sub {
66 my ($ds, $drive) = @_;
67
68 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
69
70 my $volid = $drive->{file};
71 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
72
73 if (!$volid || ($volid eq 'none' || $volid eq 'cloudinit' || (defined($volname) && $volname eq 'cloudinit'))) {
74 # nothing to check
75 } elsif ($isCDROM && ($volid eq 'cdrom')) {
76 $rpcenv->check($authuser, "/", ['Sys.Console']);
77 } elsif (!$isCDROM && ($volid =~ $NEW_DISK_RE)) {
78 my ($storeid, $size) = ($2 || $default_storage, $3);
79 die "no storage ID specified (and no default storage)\n" if !$storeid;
80 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
81 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
82 raise_param_exc({ storage => "storage '$storeid' does not support vm images"})
83 if !$scfg->{content}->{images};
84 } else {
85 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
86 }
87 });
88
89 $rpcenv->check($authuser, "/storage/$settings->{vmstatestorage}", ['Datastore.AllocateSpace'])
90 if defined($settings->{vmstatestorage});
91 };
92
93 my $check_storage_access_clone = sub {
94 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
95
96 my $sharedvm = 1;
97
98 PVE::QemuServer::foreach_drive($conf, sub {
99 my ($ds, $drive) = @_;
100
101 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
102
103 my $volid = $drive->{file};
104
105 return if !$volid || $volid eq 'none';
106
107 if ($isCDROM) {
108 if ($volid eq 'cdrom') {
109 $rpcenv->check($authuser, "/", ['Sys.Console']);
110 } else {
111 # we simply allow access
112 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
113 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
114 $sharedvm = 0 if !$scfg->{shared};
115
116 }
117 } else {
118 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
119 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
120 $sharedvm = 0 if !$scfg->{shared};
121
122 $sid = $storage if $storage;
123 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
124 }
125 });
126
127 $rpcenv->check($authuser, "/storage/$conf->{vmstatestorage}", ['Datastore.AllocateSpace'])
128 if defined($conf->{vmstatestorage});
129
130 return $sharedvm;
131 };
132
133 # Note: $pool is only needed when creating a VM, because pool permissions
134 # are automatically inherited if VM already exists inside a pool.
135 my $create_disks = sub {
136 my ($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
137
138 my $vollist = [];
139
140 my $res = {};
141
142 my $code = sub {
143 my ($ds, $disk) = @_;
144
145 my $volid = $disk->{file};
146 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
147
148 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
149 delete $disk->{size};
150 $res->{$ds} = PVE::QemuServer::print_drive($disk);
151 } elsif (defined($volname) && $volname eq 'cloudinit') {
152 $storeid = $storeid // $default_storage;
153 die "no storage ID specified (and no default storage)\n" if !$storeid;
154 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
155 my $name = "vm-$vmid-cloudinit";
156
157 my $fmt = undef;
158 if ($scfg->{path}) {
159 $fmt = $disk->{format} // "qcow2";
160 $name .= ".$fmt";
161 } else {
162 $fmt = $disk->{format} // "raw";
163 }
164
165 # Initial disk created with 4 MB and aligned to 4MB on regeneration
166 my $ci_size = PVE::QemuServer::Cloudinit::CLOUDINIT_DISK_SIZE;
167 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, $name, $ci_size/1024);
168 $disk->{file} = $volid;
169 $disk->{media} = 'cdrom';
170 push @$vollist, $volid;
171 delete $disk->{format}; # no longer needed
172 $res->{$ds} = PVE::QemuServer::print_drive($disk);
173 } elsif ($volid =~ $NEW_DISK_RE) {
174 my ($storeid, $size) = ($2 || $default_storage, $3);
175 die "no storage ID specified (and no default storage)\n" if !$storeid;
176 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
177 my $fmt = $disk->{format} || $defformat;
178
179 $size = PVE::Tools::convert_size($size, 'gb' => 'kb'); # vdisk_alloc uses kb
180
181 my $volid;
182 if ($ds eq 'efidisk0') {
183 ($volid, $size) = PVE::QemuServer::create_efidisk($storecfg, $storeid, $vmid, $fmt, $arch);
184 } else {
185 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid, $fmt, undef, $size);
186 }
187 push @$vollist, $volid;
188 $disk->{file} = $volid;
189 $disk->{size} = PVE::Tools::convert_size($size, 'kb' => 'b');
190 delete $disk->{format}; # no longer needed
191 $res->{$ds} = PVE::QemuServer::print_drive($disk);
192 } else {
193
194 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
195
196 my $volid_is_new = 1;
197
198 if ($conf->{$ds}) {
199 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
200 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
201 }
202
203 if ($volid_is_new) {
204
205 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
206
207 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
208
209 die "volume $volid does not exist\n" if !$size;
210
211 $disk->{size} = $size;
212 }
213
214 $res->{$ds} = PVE::QemuServer::print_drive($disk);
215 }
216 };
217
218 eval { PVE::QemuServer::foreach_drive($settings, $code); };
219
220 # free allocated images on error
221 if (my $err = $@) {
222 syslog('err', "VM $vmid creating disks failed");
223 foreach my $volid (@$vollist) {
224 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
225 warn $@ if $@;
226 }
227 die $err;
228 }
229
230 # modify vm config if everything went well
231 foreach my $ds (keys %$res) {
232 $conf->{$ds} = $res->{$ds};
233 }
234
235 return $vollist;
236 };
237
238 my $cpuoptions = {
239 'cores' => 1,
240 'cpu' => 1,
241 'cpulimit' => 1,
242 'cpuunits' => 1,
243 'numa' => 1,
244 'smp' => 1,
245 'sockets' => 1,
246 'vcpus' => 1,
247 };
248
249 my $memoryoptions = {
250 'memory' => 1,
251 'balloon' => 1,
252 'shares' => 1,
253 };
254
255 my $hwtypeoptions = {
256 'acpi' => 1,
257 'hotplug' => 1,
258 'kvm' => 1,
259 'machine' => 1,
260 'scsihw' => 1,
261 'smbios1' => 1,
262 'tablet' => 1,
263 'vga' => 1,
264 'watchdog' => 1,
265 'audio0' => 1,
266 };
267
268 my $generaloptions = {
269 'agent' => 1,
270 'autostart' => 1,
271 'bios' => 1,
272 'description' => 1,
273 'keyboard' => 1,
274 'localtime' => 1,
275 'migrate_downtime' => 1,
276 'migrate_speed' => 1,
277 'name' => 1,
278 'onboot' => 1,
279 'ostype' => 1,
280 'protection' => 1,
281 'reboot' => 1,
282 'startdate' => 1,
283 'startup' => 1,
284 'tdf' => 1,
285 'template' => 1,
286 'tags' => 1,
287 };
288
289 my $vmpoweroptions = {
290 'freeze' => 1,
291 };
292
293 my $diskoptions = {
294 'boot' => 1,
295 'bootdisk' => 1,
296 'vmstatestorage' => 1,
297 };
298
299 my $cloudinitoptions = {
300 cicustom => 1,
301 cipassword => 1,
302 citype => 1,
303 ciuser => 1,
304 nameserver => 1,
305 searchdomain => 1,
306 sshkeys => 1,
307 };
308
309 my $check_vm_modify_config_perm = sub {
310 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
311
312 return 1 if $authuser eq 'root@pam';
313
314 foreach my $opt (@$key_list) {
315 # some checks (e.g., disk, serial port, usb) need to be done somewhere
316 # else, as there the permission can be value dependend
317 next if PVE::QemuServer::is_valid_drivename($opt);
318 next if $opt eq 'cdrom';
319 next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
320
321
322 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
323 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
324 } elsif ($memoryoptions->{$opt}) {
325 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
326 } elsif ($hwtypeoptions->{$opt}) {
327 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
328 } elsif ($generaloptions->{$opt}) {
329 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
330 # special case for startup since it changes host behaviour
331 if ($opt eq 'startup') {
332 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
333 }
334 } elsif ($vmpoweroptions->{$opt}) {
335 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
336 } elsif ($diskoptions->{$opt}) {
337 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
338 } elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
339 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
340 } elsif ($opt eq 'vmstate') {
341 # the user needs Disk and PowerMgmt privileges to change the vmstate
342 # also needs privileges on the storage, that will be checked later
343 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk', 'VM.PowerMgmt' ]);
344 } else {
345 # catches hostpci\d+, args, lock, etc.
346 # new options will be checked here
347 die "only root can set '$opt' config\n";
348 }
349 }
350
351 return 1;
352 };
353
354 __PACKAGE__->register_method({
355 name => 'vmlist',
356 path => '',
357 method => 'GET',
358 description => "Virtual machine index (per node).",
359 permissions => {
360 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
361 user => 'all',
362 },
363 proxyto => 'node',
364 protected => 1, # qemu pid files are only readable by root
365 parameters => {
366 additionalProperties => 0,
367 properties => {
368 node => get_standard_option('pve-node'),
369 full => {
370 type => 'boolean',
371 optional => 1,
372 description => "Determine the full status of active VMs.",
373 },
374 },
375 },
376 returns => {
377 type => 'array',
378 items => {
379 type => "object",
380 properties => $PVE::QemuServer::vmstatus_return_properties,
381 },
382 links => [ { rel => 'child', href => "{vmid}" } ],
383 },
384 code => sub {
385 my ($param) = @_;
386
387 my $rpcenv = PVE::RPCEnvironment::get();
388 my $authuser = $rpcenv->get_user();
389
390 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
391
392 my $res = [];
393 foreach my $vmid (keys %$vmstatus) {
394 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
395
396 my $data = $vmstatus->{$vmid};
397 push @$res, $data;
398 }
399
400 return $res;
401 }});
402
403
404
405 __PACKAGE__->register_method({
406 name => 'create_vm',
407 path => '',
408 method => 'POST',
409 description => "Create or restore a virtual machine.",
410 permissions => {
411 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
412 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
413 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
414 user => 'all', # check inside
415 },
416 protected => 1,
417 proxyto => 'node',
418 parameters => {
419 additionalProperties => 0,
420 properties => PVE::QemuServer::json_config_properties(
421 {
422 node => get_standard_option('pve-node'),
423 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
424 archive => {
425 description => "The backup file.",
426 type => 'string',
427 optional => 1,
428 maxLength => 255,
429 completion => \&PVE::QemuServer::complete_backup_archives,
430 },
431 storage => get_standard_option('pve-storage-id', {
432 description => "Default storage.",
433 optional => 1,
434 completion => \&PVE::QemuServer::complete_storage,
435 }),
436 force => {
437 optional => 1,
438 type => 'boolean',
439 description => "Allow to overwrite existing VM.",
440 requires => 'archive',
441 },
442 unique => {
443 optional => 1,
444 type => 'boolean',
445 description => "Assign a unique random ethernet address.",
446 requires => 'archive',
447 },
448 pool => {
449 optional => 1,
450 type => 'string', format => 'pve-poolid',
451 description => "Add the VM to the specified pool.",
452 },
453 bwlimit => {
454 description => "Override I/O bandwidth limit (in KiB/s).",
455 optional => 1,
456 type => 'integer',
457 minimum => '0',
458 default => 'restore limit from datacenter or storage config',
459 },
460 start => {
461 optional => 1,
462 type => 'boolean',
463 default => 0,
464 description => "Start VM after it was created successfully.",
465 },
466 }),
467 },
468 returns => {
469 type => 'string',
470 },
471 code => sub {
472 my ($param) = @_;
473
474 my $rpcenv = PVE::RPCEnvironment::get();
475 my $authuser = $rpcenv->get_user();
476
477 my $node = extract_param($param, 'node');
478 my $vmid = extract_param($param, 'vmid');
479
480 my $archive = extract_param($param, 'archive');
481 my $is_restore = !!$archive;
482
483 my $bwlimit = extract_param($param, 'bwlimit');
484 my $force = extract_param($param, 'force');
485 my $pool = extract_param($param, 'pool');
486 my $start_after_create = extract_param($param, 'start');
487 my $storage = extract_param($param, 'storage');
488 my $unique = extract_param($param, 'unique');
489
490 if (defined(my $ssh_keys = $param->{sshkeys})) {
491 $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
492 PVE::Tools::validate_ssh_public_keys($ssh_keys);
493 }
494
495 PVE::Cluster::check_cfs_quorum();
496
497 my $filename = PVE::QemuConfig->config_file($vmid);
498 my $storecfg = PVE::Storage::config();
499
500 if (defined($pool)) {
501 $rpcenv->check_pool_exist($pool);
502 }
503
504 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
505 if defined($storage);
506
507 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
508 # OK
509 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
510 # OK
511 } elsif ($archive && $force && (-f $filename) &&
512 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
513 # OK: user has VM.Backup permissions, and want to restore an existing VM
514 } else {
515 raise_perm_exc();
516 }
517
518 if (!$archive) {
519 &$resolve_cdrom_alias($param);
520
521 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
522
523 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
524
525 foreach my $opt (keys %$param) {
526 if (PVE::QemuServer::is_valid_drivename($opt)) {
527 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
528 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
529
530 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
531 $param->{$opt} = PVE::QemuServer::print_drive($drive);
532 }
533 }
534
535 PVE::QemuServer::add_random_macs($param);
536 } else {
537 my $keystr = join(' ', keys %$param);
538 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
539
540 if ($archive eq '-') {
541 die "pipe requires cli environment\n"
542 if $rpcenv->{type} ne 'cli';
543 } else {
544 PVE::Storage::check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
545 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
546 }
547 }
548
549 my $emsg = $is_restore ? "unable to restore VM $vmid -" : "unable to create VM $vmid -";
550
551 eval { PVE::QemuConfig->create_and_lock_config($vmid, $force) };
552 die "$emsg $@" if $@;
553
554 my $restorefn = sub {
555 my $conf = PVE::QemuConfig->load_config($vmid);
556
557 PVE::QemuConfig->check_protection($conf, $emsg);
558
559 die "$emsg vm is running\n" if PVE::QemuServer::check_running($vmid);
560
561 my $realcmd = sub {
562 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
563 storage => $storage,
564 pool => $pool,
565 unique => $unique,
566 bwlimit => $bwlimit,
567 });
568 my $restored_conf = PVE::QemuConfig->load_config($vmid);
569 # Convert restored VM to template if backup was VM template
570 if (PVE::QemuConfig->is_template($restored_conf)) {
571 warn "Convert to template.\n";
572 eval { PVE::QemuServer::template_create($vmid, $restored_conf) };
573 warn $@ if $@;
574 }
575
576 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
577 };
578
579 # ensure no old replication state are exists
580 PVE::ReplicationState::delete_guest_states($vmid);
581
582 PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
583
584 if ($start_after_create) {
585 print "Execute autostart\n";
586 eval { PVE::API2::Qemu->vm_start({ vmid => $vmid, node => $node }) };
587 warn $@ if $@;
588 }
589 };
590
591 my $createfn = sub {
592 # ensure no old replication state are exists
593 PVE::ReplicationState::delete_guest_states($vmid);
594
595 my $realcmd = sub {
596 my $conf = $param;
597 my $arch = PVE::QemuServer::get_vm_arch($conf);
598
599 my $vollist = [];
600 eval {
601 $vollist = &$create_disks($rpcenv, $authuser, $conf, $arch, $storecfg, $vmid, $pool, $param, $storage);
602
603 if (!$conf->{bootdisk}) {
604 my $firstdisk = PVE::QemuServer::resolve_first_disk($conf);
605 $conf->{bootdisk} = $firstdisk if $firstdisk;
606 }
607
608 # auto generate uuid if user did not specify smbios1 option
609 if (!$conf->{smbios1}) {
610 $conf->{smbios1} = PVE::QemuServer::generate_smbios1_uuid();
611 }
612
613 if ((!defined($conf->{vmgenid}) || $conf->{vmgenid} eq '1') && $arch ne 'aarch64') {
614 $conf->{vmgenid} = PVE::QemuServer::generate_uuid();
615 }
616
617 PVE::QemuConfig->write_config($vmid, $conf);
618
619 };
620 my $err = $@;
621
622 if ($err) {
623 foreach my $volid (@$vollist) {
624 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
625 warn $@ if $@;
626 }
627 die "$emsg $err";
628 }
629
630 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
631 };
632
633 PVE::QemuConfig->lock_config_full($vmid, 1, $realcmd);
634
635 if ($start_after_create) {
636 print "Execute autostart\n";
637 eval { PVE::API2::Qemu->vm_start({vmid => $vmid, node => $node}) };
638 warn $@ if $@;
639 }
640 };
641
642 my ($code, $worker_name);
643 if ($is_restore) {
644 $worker_name = 'qmrestore';
645 $code = sub {
646 eval { $restorefn->() };
647 if (my $err = $@) {
648 eval { PVE::QemuConfig->remove_lock($vmid, 'create') };
649 warn $@ if $@;
650 die $err;
651 }
652 };
653 } else {
654 $worker_name = 'qmcreate';
655 $code = sub {
656 eval { $createfn->() };
657 if (my $err = $@) {
658 eval {
659 my $conffile = PVE::QemuConfig->config_file($vmid);
660 unlink($conffile) or die "failed to remove config file: $!\n";
661 };
662 warn $@ if $@;
663 die $err;
664 }
665 };
666 }
667
668 return $rpcenv->fork_worker($worker_name, $vmid, $authuser, $code);
669 }});
670
671 __PACKAGE__->register_method({
672 name => 'vmdiridx',
673 path => '{vmid}',
674 method => 'GET',
675 proxyto => 'node',
676 description => "Directory index",
677 permissions => {
678 user => 'all',
679 },
680 parameters => {
681 additionalProperties => 0,
682 properties => {
683 node => get_standard_option('pve-node'),
684 vmid => get_standard_option('pve-vmid'),
685 },
686 },
687 returns => {
688 type => 'array',
689 items => {
690 type => "object",
691 properties => {
692 subdir => { type => 'string' },
693 },
694 },
695 links => [ { rel => 'child', href => "{subdir}" } ],
696 },
697 code => sub {
698 my ($param) = @_;
699
700 my $res = [
701 { subdir => 'config' },
702 { subdir => 'pending' },
703 { subdir => 'status' },
704 { subdir => 'unlink' },
705 { subdir => 'vncproxy' },
706 { subdir => 'termproxy' },
707 { subdir => 'migrate' },
708 { subdir => 'resize' },
709 { subdir => 'move' },
710 { subdir => 'rrd' },
711 { subdir => 'rrddata' },
712 { subdir => 'monitor' },
713 { subdir => 'agent' },
714 { subdir => 'snapshot' },
715 { subdir => 'spiceproxy' },
716 { subdir => 'sendkey' },
717 { subdir => 'firewall' },
718 ];
719
720 return $res;
721 }});
722
723 __PACKAGE__->register_method ({
724 subclass => "PVE::API2::Firewall::VM",
725 path => '{vmid}/firewall',
726 });
727
728 __PACKAGE__->register_method ({
729 subclass => "PVE::API2::Qemu::Agent",
730 path => '{vmid}/agent',
731 });
732
733 __PACKAGE__->register_method({
734 name => 'rrd',
735 path => '{vmid}/rrd',
736 method => 'GET',
737 protected => 1, # fixme: can we avoid that?
738 permissions => {
739 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
740 },
741 description => "Read VM RRD statistics (returns PNG)",
742 parameters => {
743 additionalProperties => 0,
744 properties => {
745 node => get_standard_option('pve-node'),
746 vmid => get_standard_option('pve-vmid'),
747 timeframe => {
748 description => "Specify the time frame you are interested in.",
749 type => 'string',
750 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
751 },
752 ds => {
753 description => "The list of datasources you want to display.",
754 type => 'string', format => 'pve-configid-list',
755 },
756 cf => {
757 description => "The RRD consolidation function",
758 type => 'string',
759 enum => [ 'AVERAGE', 'MAX' ],
760 optional => 1,
761 },
762 },
763 },
764 returns => {
765 type => "object",
766 properties => {
767 filename => { type => 'string' },
768 },
769 },
770 code => sub {
771 my ($param) = @_;
772
773 return PVE::RRD::create_rrd_graph(
774 "pve2-vm/$param->{vmid}", $param->{timeframe},
775 $param->{ds}, $param->{cf});
776
777 }});
778
779 __PACKAGE__->register_method({
780 name => 'rrddata',
781 path => '{vmid}/rrddata',
782 method => 'GET',
783 protected => 1, # fixme: can we avoid that?
784 permissions => {
785 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
786 },
787 description => "Read VM RRD statistics",
788 parameters => {
789 additionalProperties => 0,
790 properties => {
791 node => get_standard_option('pve-node'),
792 vmid => get_standard_option('pve-vmid'),
793 timeframe => {
794 description => "Specify the time frame you are interested in.",
795 type => 'string',
796 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
797 },
798 cf => {
799 description => "The RRD consolidation function",
800 type => 'string',
801 enum => [ 'AVERAGE', 'MAX' ],
802 optional => 1,
803 },
804 },
805 },
806 returns => {
807 type => "array",
808 items => {
809 type => "object",
810 properties => {},
811 },
812 },
813 code => sub {
814 my ($param) = @_;
815
816 return PVE::RRD::create_rrd_data(
817 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
818 }});
819
820
821 __PACKAGE__->register_method({
822 name => 'vm_config',
823 path => '{vmid}/config',
824 method => 'GET',
825 proxyto => 'node',
826 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
827 permissions => {
828 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
829 },
830 parameters => {
831 additionalProperties => 0,
832 properties => {
833 node => get_standard_option('pve-node'),
834 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
835 current => {
836 description => "Get current values (instead of pending values).",
837 optional => 1,
838 default => 0,
839 type => 'boolean',
840 },
841 snapshot => get_standard_option('pve-snapshot-name', {
842 description => "Fetch config values from given snapshot.",
843 optional => 1,
844 completion => sub {
845 my ($cmd, $pname, $cur, $args) = @_;
846 PVE::QemuConfig->snapshot_list($args->[0]);
847 },
848 }),
849 },
850 },
851 returns => {
852 description => "The current VM configuration.",
853 type => "object",
854 properties => PVE::QemuServer::json_config_properties({
855 digest => {
856 type => 'string',
857 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
858 }
859 }),
860 },
861 code => sub {
862 my ($param) = @_;
863
864 raise_param_exc({ snapshot => "cannot use 'snapshot' parameter with 'current'",
865 current => "cannot use 'snapshot' parameter with 'current'"})
866 if ($param->{snapshot} && $param->{current});
867
868 my $conf;
869 if ($param->{snapshot}) {
870 $conf = PVE::QemuConfig->load_snapshot_config($param->{vmid}, $param->{snapshot});
871 } else {
872 $conf = PVE::QemuConfig->load_current_config($param->{vmid}, $param->{current});
873 }
874 $conf->{cipassword} = '**********' if $conf->{cipassword};
875 return $conf;
876
877 }});
878
879 __PACKAGE__->register_method({
880 name => 'vm_pending',
881 path => '{vmid}/pending',
882 method => 'GET',
883 proxyto => 'node',
884 description => "Get virtual machine configuration, including pending changes.",
885 permissions => {
886 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
887 },
888 parameters => {
889 additionalProperties => 0,
890 properties => {
891 node => get_standard_option('pve-node'),
892 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
893 },
894 },
895 returns => {
896 type => "array",
897 items => {
898 type => "object",
899 properties => {
900 key => {
901 description => "Configuration option name.",
902 type => 'string',
903 },
904 value => {
905 description => "Current value.",
906 type => 'string',
907 optional => 1,
908 },
909 pending => {
910 description => "Pending value.",
911 type => 'string',
912 optional => 1,
913 },
914 delete => {
915 description => "Indicates a pending delete request if present and not 0. " .
916 "The value 2 indicates a force-delete request.",
917 type => 'integer',
918 minimum => 0,
919 maximum => 2,
920 optional => 1,
921 },
922 },
923 },
924 },
925 code => sub {
926 my ($param) = @_;
927
928 my $conf = PVE::QemuConfig->load_config($param->{vmid});
929
930 my $pending_delete_hash = PVE::QemuConfig->parse_pending_delete($conf->{pending}->{delete});
931
932 $conf->{cipassword} = '**********' if defined($conf->{cipassword});
933 $conf->{pending}->{cipassword} = '********** ' if defined($conf->{pending}->{cipassword});
934
935 return PVE::GuestHelpers::config_with_pending_array($conf, $pending_delete_hash);
936 }});
937
938 # POST/PUT {vmid}/config implementation
939 #
940 # The original API used PUT (idempotent) an we assumed that all operations
941 # are fast. But it turned out that almost any configuration change can
942 # involve hot-plug actions, or disk alloc/free. Such actions can take long
943 # time to complete and have side effects (not idempotent).
944 #
945 # The new implementation uses POST and forks a worker process. We added
946 # a new option 'background_delay'. If specified we wait up to
947 # 'background_delay' second for the worker task to complete. It returns null
948 # if the task is finished within that time, else we return the UPID.
949
950 my $update_vm_api = sub {
951 my ($param, $sync) = @_;
952
953 my $rpcenv = PVE::RPCEnvironment::get();
954
955 my $authuser = $rpcenv->get_user();
956
957 my $node = extract_param($param, 'node');
958
959 my $vmid = extract_param($param, 'vmid');
960
961 my $digest = extract_param($param, 'digest');
962
963 my $background_delay = extract_param($param, 'background_delay');
964
965 if (defined(my $cipassword = $param->{cipassword})) {
966 # Same logic as in cloud-init (but with the regex fixed...)
967 $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
968 if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
969 }
970
971 my @paramarr = (); # used for log message
972 foreach my $key (sort keys %$param) {
973 my $value = $key eq 'cipassword' ? '<hidden>' : $param->{$key};
974 push @paramarr, "-$key", $value;
975 }
976
977 my $skiplock = extract_param($param, 'skiplock');
978 raise_param_exc({ skiplock => "Only root may use this option." })
979 if $skiplock && $authuser ne 'root@pam';
980
981 my $delete_str = extract_param($param, 'delete');
982
983 my $revert_str = extract_param($param, 'revert');
984
985 my $force = extract_param($param, 'force');
986
987 if (defined(my $ssh_keys = $param->{sshkeys})) {
988 $ssh_keys = URI::Escape::uri_unescape($ssh_keys);
989 PVE::Tools::validate_ssh_public_keys($ssh_keys);
990 }
991
992 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
993
994 my $storecfg = PVE::Storage::config();
995
996 my $defaults = PVE::QemuServer::load_defaults();
997
998 &$resolve_cdrom_alias($param);
999
1000 # now try to verify all parameters
1001
1002 my $revert = {};
1003 foreach my $opt (PVE::Tools::split_list($revert_str)) {
1004 if (!PVE::QemuServer::option_exists($opt)) {
1005 raise_param_exc({ revert => "unknown option '$opt'" });
1006 }
1007
1008 raise_param_exc({ delete => "you can't use '-$opt' and " .
1009 "-revert $opt' at the same time" })
1010 if defined($param->{$opt});
1011
1012 $revert->{$opt} = 1;
1013 }
1014
1015 my @delete = ();
1016 foreach my $opt (PVE::Tools::split_list($delete_str)) {
1017 $opt = 'ide2' if $opt eq 'cdrom';
1018
1019 raise_param_exc({ delete => "you can't use '-$opt' and " .
1020 "-delete $opt' at the same time" })
1021 if defined($param->{$opt});
1022
1023 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
1024 "-revert $opt' at the same time" })
1025 if $revert->{$opt};
1026
1027 if (!PVE::QemuServer::option_exists($opt)) {
1028 raise_param_exc({ delete => "unknown option '$opt'" });
1029 }
1030
1031 push @delete, $opt;
1032 }
1033
1034 my $repl_conf = PVE::ReplicationConfig->new();
1035 my $is_replicated = $repl_conf->check_for_existing_jobs($vmid, 1);
1036 my $check_replication = sub {
1037 my ($drive) = @_;
1038 return if !$is_replicated;
1039 my $volid = $drive->{file};
1040 return if !$volid || !($drive->{replicate}//1);
1041 return if PVE::QemuServer::drive_is_cdrom($drive);
1042
1043 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
1044 return if $volname eq 'cloudinit';
1045
1046 my $format;
1047 if ($volid =~ $NEW_DISK_RE) {
1048 $storeid = $2;
1049 $format = $drive->{format} || PVE::Storage::storage_default_format($storecfg, $storeid);
1050 } else {
1051 $format = (PVE::Storage::parse_volname($storecfg, $volid))[6];
1052 }
1053 return if PVE::Storage::storage_can_replicate($storecfg, $storeid, $format);
1054 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
1055 return if $scfg->{shared};
1056 die "cannot add non-replicatable volume to a replicated VM\n";
1057 };
1058
1059 foreach my $opt (keys %$param) {
1060 if (PVE::QemuServer::is_valid_drivename($opt)) {
1061 # cleanup drive path
1062 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1063 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
1064 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
1065 $check_replication->($drive);
1066 $param->{$opt} = PVE::QemuServer::print_drive($drive);
1067 } elsif ($opt =~ m/^net(\d+)$/) {
1068 # add macaddr
1069 my $net = PVE::QemuServer::parse_net($param->{$opt});
1070 $param->{$opt} = PVE::QemuServer::print_net($net);
1071 } elsif ($opt eq 'vmgenid') {
1072 if ($param->{$opt} eq '1') {
1073 $param->{$opt} = PVE::QemuServer::generate_uuid();
1074 }
1075 } elsif ($opt eq 'hookscript') {
1076 eval { PVE::GuestHelpers::check_hookscript($param->{$opt}, $storecfg); };
1077 raise_param_exc({ $opt => $@ }) if $@;
1078 }
1079 }
1080
1081 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
1082
1083 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
1084
1085 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
1086
1087 my $updatefn = sub {
1088
1089 my $conf = PVE::QemuConfig->load_config($vmid);
1090
1091 die "checksum missmatch (file change by other user?)\n"
1092 if $digest && $digest ne $conf->{digest};
1093
1094 # FIXME: 'suspended' lock should probabyl be a state or "weak" lock?!
1095 if (scalar(@delete) && grep { $_ eq 'vmstate'} @delete) {
1096 if (defined($conf->{lock}) && $conf->{lock} eq 'suspended') {
1097 delete $conf->{lock}; # for check lock check, not written out
1098 push @delete, 'lock'; # this is the real deal to write it out
1099 }
1100 push @delete, 'runningmachine' if $conf->{runningmachine};
1101 }
1102
1103 PVE::QemuConfig->check_lock($conf) if !$skiplock;
1104
1105 foreach my $opt (keys %$revert) {
1106 if (defined($conf->{$opt})) {
1107 $param->{$opt} = $conf->{$opt};
1108 } elsif (defined($conf->{pending}->{$opt})) {
1109 push @delete, $opt;
1110 }
1111 }
1112
1113 if ($param->{memory} || defined($param->{balloon})) {
1114 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
1115 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
1116
1117 die "balloon value too large (must be smaller than assigned memory)\n"
1118 if $balloon && $balloon > $maxmem;
1119 }
1120
1121 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
1122
1123 my $worker = sub {
1124
1125 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
1126
1127 # write updates to pending section
1128
1129 my $modified = {}; # record what $option we modify
1130
1131 foreach my $opt (@delete) {
1132 $modified->{$opt} = 1;
1133 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1134
1135 # value of what we want to delete, independent if pending or not
1136 my $val = $conf->{$opt} // $conf->{pending}->{$opt};
1137 if (!defined($val)) {
1138 warn "cannot delete '$opt' - not set in current configuration!\n";
1139 $modified->{$opt} = 0;
1140 next;
1141 }
1142 my $is_pending_val = defined($conf->{pending}->{$opt});
1143 delete $conf->{pending}->{$opt};
1144
1145 if ($opt =~ m/^unused/) {
1146 my $drive = PVE::QemuServer::parse_drive($opt, $val);
1147 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
1148 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1149 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
1150 delete $conf->{$opt};
1151 PVE::QemuConfig->write_config($vmid, $conf);
1152 }
1153 } elsif ($opt eq 'vmstate') {
1154 PVE::QemuConfig->check_protection($conf, "can't remove vmstate '$val'");
1155 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, { file => $val }, $rpcenv, $authuser, 1)) {
1156 delete $conf->{$opt};
1157 PVE::QemuConfig->write_config($vmid, $conf);
1158 }
1159 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1160 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
1161 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1162 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $val))
1163 if $is_pending_val;
1164 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1165 PVE::QemuConfig->write_config($vmid, $conf);
1166 } elsif ($opt =~ m/^serial\d+$/) {
1167 if ($val eq 'socket') {
1168 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1169 } elsif ($authuser ne 'root@pam') {
1170 die "only root can delete '$opt' config for real devices\n";
1171 }
1172 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1173 PVE::QemuConfig->write_config($vmid, $conf);
1174 } elsif ($opt =~ m/^usb\d+$/) {
1175 if ($val =~ m/spice/) {
1176 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1177 } elsif ($authuser ne 'root@pam') {
1178 die "only root can delete '$opt' config for real devices\n";
1179 }
1180 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1181 PVE::QemuConfig->write_config($vmid, $conf);
1182 } else {
1183 PVE::QemuConfig->add_to_pending_delete($conf, $opt, $force);
1184 PVE::QemuConfig->write_config($vmid, $conf);
1185 }
1186 }
1187
1188 foreach my $opt (keys %$param) { # add/change
1189 $modified->{$opt} = 1;
1190 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1191 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1192
1193 my $arch = PVE::QemuServer::get_vm_arch($conf);
1194
1195 if (PVE::QemuServer::is_valid_drivename($opt)) {
1196 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1197 # FIXME: cloudinit: CDROM or Disk?
1198 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1199 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1200 } else {
1201 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1202 }
1203 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1204 if defined($conf->{pending}->{$opt});
1205
1206 &$create_disks($rpcenv, $authuser, $conf->{pending}, $arch, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1207 } elsif ($opt =~ m/^serial\d+/) {
1208 if ((!defined($conf->{$opt}) || $conf->{$opt} eq 'socket') && $param->{$opt} eq 'socket') {
1209 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1210 } elsif ($authuser ne 'root@pam') {
1211 die "only root can modify '$opt' config for real devices\n";
1212 }
1213 $conf->{pending}->{$opt} = $param->{$opt};
1214 } elsif ($opt =~ m/^usb\d+/) {
1215 if ((!defined($conf->{$opt}) || $conf->{$opt} =~ m/spice/) && $param->{$opt} =~ m/spice/) {
1216 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
1217 } elsif ($authuser ne 'root@pam') {
1218 die "only root can modify '$opt' config for real devices\n";
1219 }
1220 $conf->{pending}->{$opt} = $param->{$opt};
1221 } else {
1222 $conf->{pending}->{$opt} = $param->{$opt};
1223 }
1224 PVE::QemuConfig->remove_from_pending_delete($conf, $opt);
1225 PVE::QemuConfig->write_config($vmid, $conf);
1226 }
1227
1228 # remove pending changes when nothing changed
1229 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1230 my $changes = PVE::QemuConfig->cleanup_pending($conf);
1231 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
1232
1233 return if !scalar(keys %{$conf->{pending}});
1234
1235 my $running = PVE::QemuServer::check_running($vmid);
1236
1237 # apply pending changes
1238
1239 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1240
1241 my $errors = {};
1242 if ($running) {
1243 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1244 } else {
1245 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running, $errors);
1246 }
1247 raise_param_exc($errors) if scalar(keys %$errors);
1248
1249 return;
1250 };
1251
1252 if ($sync) {
1253 &$worker();
1254 return undef;
1255 } else {
1256 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1257
1258 if ($background_delay) {
1259
1260 # Note: It would be better to do that in the Event based HTTPServer
1261 # to avoid blocking call to sleep.
1262
1263 my $end_time = time() + $background_delay;
1264
1265 my $task = PVE::Tools::upid_decode($upid);
1266
1267 my $running = 1;
1268 while (time() < $end_time) {
1269 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1270 last if !$running;
1271 sleep(1); # this gets interrupted when child process ends
1272 }
1273
1274 if (!$running) {
1275 my $status = PVE::Tools::upid_read_status($upid);
1276 return undef if $status eq 'OK';
1277 die $status;
1278 }
1279 }
1280
1281 return $upid;
1282 }
1283 };
1284
1285 return PVE::QemuConfig->lock_config($vmid, $updatefn);
1286 };
1287
1288 my $vm_config_perm_list = [
1289 'VM.Config.Disk',
1290 'VM.Config.CDROM',
1291 'VM.Config.CPU',
1292 'VM.Config.Memory',
1293 'VM.Config.Network',
1294 'VM.Config.HWType',
1295 'VM.Config.Options',
1296 ];
1297
1298 __PACKAGE__->register_method({
1299 name => 'update_vm_async',
1300 path => '{vmid}/config',
1301 method => 'POST',
1302 protected => 1,
1303 proxyto => 'node',
1304 description => "Set virtual machine options (asynchrounous API).",
1305 permissions => {
1306 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1307 },
1308 parameters => {
1309 additionalProperties => 0,
1310 properties => PVE::QemuServer::json_config_properties(
1311 {
1312 node => get_standard_option('pve-node'),
1313 vmid => get_standard_option('pve-vmid'),
1314 skiplock => get_standard_option('skiplock'),
1315 delete => {
1316 type => 'string', format => 'pve-configid-list',
1317 description => "A list of settings you want to delete.",
1318 optional => 1,
1319 },
1320 revert => {
1321 type => 'string', format => 'pve-configid-list',
1322 description => "Revert a pending change.",
1323 optional => 1,
1324 },
1325 force => {
1326 type => 'boolean',
1327 description => $opt_force_description,
1328 optional => 1,
1329 requires => 'delete',
1330 },
1331 digest => {
1332 type => 'string',
1333 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1334 maxLength => 40,
1335 optional => 1,
1336 },
1337 background_delay => {
1338 type => 'integer',
1339 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1340 minimum => 1,
1341 maximum => 30,
1342 optional => 1,
1343 },
1344 }),
1345 },
1346 returns => {
1347 type => 'string',
1348 optional => 1,
1349 },
1350 code => $update_vm_api,
1351 });
1352
1353 __PACKAGE__->register_method({
1354 name => 'update_vm',
1355 path => '{vmid}/config',
1356 method => 'PUT',
1357 protected => 1,
1358 proxyto => 'node',
1359 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1360 permissions => {
1361 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1362 },
1363 parameters => {
1364 additionalProperties => 0,
1365 properties => PVE::QemuServer::json_config_properties(
1366 {
1367 node => get_standard_option('pve-node'),
1368 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1369 skiplock => get_standard_option('skiplock'),
1370 delete => {
1371 type => 'string', format => 'pve-configid-list',
1372 description => "A list of settings you want to delete.",
1373 optional => 1,
1374 },
1375 revert => {
1376 type => 'string', format => 'pve-configid-list',
1377 description => "Revert a pending change.",
1378 optional => 1,
1379 },
1380 force => {
1381 type => 'boolean',
1382 description => $opt_force_description,
1383 optional => 1,
1384 requires => 'delete',
1385 },
1386 digest => {
1387 type => 'string',
1388 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1389 maxLength => 40,
1390 optional => 1,
1391 },
1392 }),
1393 },
1394 returns => { type => 'null' },
1395 code => sub {
1396 my ($param) = @_;
1397 &$update_vm_api($param, 1);
1398 return undef;
1399 }
1400 });
1401
1402 __PACKAGE__->register_method({
1403 name => 'destroy_vm',
1404 path => '{vmid}',
1405 method => 'DELETE',
1406 protected => 1,
1407 proxyto => 'node',
1408 description => "Destroy the vm (also delete all used/owned volumes).",
1409 permissions => {
1410 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1411 },
1412 parameters => {
1413 additionalProperties => 0,
1414 properties => {
1415 node => get_standard_option('pve-node'),
1416 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1417 skiplock => get_standard_option('skiplock'),
1418 purge => {
1419 type => 'boolean',
1420 description => "Remove vmid from backup cron jobs.",
1421 optional => 1,
1422 },
1423 },
1424 },
1425 returns => {
1426 type => 'string',
1427 },
1428 code => sub {
1429 my ($param) = @_;
1430
1431 my $rpcenv = PVE::RPCEnvironment::get();
1432 my $authuser = $rpcenv->get_user();
1433 my $vmid = $param->{vmid};
1434
1435 my $skiplock = $param->{skiplock};
1436 raise_param_exc({ skiplock => "Only root may use this option." })
1437 if $skiplock && $authuser ne 'root@pam';
1438
1439 # test if VM exists
1440 my $conf = PVE::QemuConfig->load_config($vmid);
1441 my $storecfg = PVE::Storage::config();
1442 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
1443 die "unable to remove VM $vmid - used in HA resources\n"
1444 if PVE::HA::Config::vm_is_ha_managed($vmid);
1445
1446 if (!$param->{purge}) {
1447 # don't allow destroy if with replication jobs but no purge param
1448 my $repl_conf = PVE::ReplicationConfig->new();
1449 $repl_conf->check_for_existing_jobs($vmid);
1450 }
1451
1452 # early tests (repeat after locking)
1453 die "VM $vmid is running - destroy failed\n"
1454 if PVE::QemuServer::check_running($vmid);
1455
1456 my $realcmd = sub {
1457 my $upid = shift;
1458
1459 syslog('info', "destroy VM $vmid: $upid\n");
1460 PVE::QemuConfig->lock_config($vmid, sub {
1461 die "VM $vmid is running - destroy failed\n"
1462 if (PVE::QemuServer::check_running($vmid));
1463
1464 PVE::QemuServer::destroy_vm($storecfg, $vmid, $skiplock, { lock => 'destroyed' });
1465
1466 PVE::AccessControl::remove_vm_access($vmid);
1467 PVE::Firewall::remove_vmfw_conf($vmid);
1468 if ($param->{purge}) {
1469 PVE::ReplicationConfig::remove_vmid_jobs($vmid);
1470 PVE::VZDump::Plugin::remove_vmid_from_backup_jobs($vmid);
1471 }
1472
1473 # only now remove the zombie config, else we can have reuse race
1474 PVE::QemuConfig->destroy_config($vmid);
1475 });
1476 };
1477
1478 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1479 }});
1480
1481 __PACKAGE__->register_method({
1482 name => 'unlink',
1483 path => '{vmid}/unlink',
1484 method => 'PUT',
1485 protected => 1,
1486 proxyto => 'node',
1487 description => "Unlink/delete disk images.",
1488 permissions => {
1489 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1490 },
1491 parameters => {
1492 additionalProperties => 0,
1493 properties => {
1494 node => get_standard_option('pve-node'),
1495 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1496 idlist => {
1497 type => 'string', format => 'pve-configid-list',
1498 description => "A list of disk IDs you want to delete.",
1499 },
1500 force => {
1501 type => 'boolean',
1502 description => $opt_force_description,
1503 optional => 1,
1504 },
1505 },
1506 },
1507 returns => { type => 'null'},
1508 code => sub {
1509 my ($param) = @_;
1510
1511 $param->{delete} = extract_param($param, 'idlist');
1512
1513 __PACKAGE__->update_vm($param);
1514
1515 return undef;
1516 }});
1517
1518 my $sslcert;
1519
1520 __PACKAGE__->register_method({
1521 name => 'vncproxy',
1522 path => '{vmid}/vncproxy',
1523 method => 'POST',
1524 protected => 1,
1525 permissions => {
1526 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1527 },
1528 description => "Creates a TCP VNC proxy connections.",
1529 parameters => {
1530 additionalProperties => 0,
1531 properties => {
1532 node => get_standard_option('pve-node'),
1533 vmid => get_standard_option('pve-vmid'),
1534 websocket => {
1535 optional => 1,
1536 type => 'boolean',
1537 description => "starts websockify instead of vncproxy",
1538 },
1539 },
1540 },
1541 returns => {
1542 additionalProperties => 0,
1543 properties => {
1544 user => { type => 'string' },
1545 ticket => { type => 'string' },
1546 cert => { type => 'string' },
1547 port => { type => 'integer' },
1548 upid => { type => 'string' },
1549 },
1550 },
1551 code => sub {
1552 my ($param) = @_;
1553
1554 my $rpcenv = PVE::RPCEnvironment::get();
1555
1556 my $authuser = $rpcenv->get_user();
1557
1558 my $vmid = $param->{vmid};
1559 my $node = $param->{node};
1560 my $websocket = $param->{websocket};
1561
1562 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1563 my $use_serial = ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/));
1564
1565 my $authpath = "/vms/$vmid";
1566
1567 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1568
1569 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1570 if !$sslcert;
1571
1572 my $family;
1573 my $remcmd = [];
1574
1575 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1576 (undef, $family) = PVE::Cluster::remote_node_ip($node);
1577 my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
1578 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1579 $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, $use_serial ? '-t' : '-T');
1580 } else {
1581 $family = PVE::Tools::get_host_address_family($node);
1582 }
1583
1584 my $port = PVE::Tools::next_vnc_port($family);
1585
1586 my $timeout = 10;
1587
1588 my $realcmd = sub {
1589 my $upid = shift;
1590
1591 syslog('info', "starting vnc proxy $upid\n");
1592
1593 my $cmd;
1594
1595 if ($use_serial) {
1596
1597 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga}, '-escape', '0' ];
1598
1599 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1600 '-timeout', $timeout, '-authpath', $authpath,
1601 '-perm', 'Sys.Console'];
1602
1603 if ($param->{websocket}) {
1604 $ENV{PVE_VNC_TICKET} = $ticket; # pass ticket to vncterm
1605 push @$cmd, '-notls', '-listen', 'localhost';
1606 }
1607
1608 push @$cmd, '-c', @$remcmd, @$termcmd;
1609
1610 PVE::Tools::run_command($cmd);
1611
1612 } else {
1613
1614 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1615
1616 $cmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1617
1618 my $sock = IO::Socket::IP->new(
1619 ReuseAddr => 1,
1620 Listen => 1,
1621 LocalPort => $port,
1622 Proto => 'tcp',
1623 GetAddrInfoFlags => 0,
1624 ) or die "failed to create socket: $!\n";
1625 # Inside the worker we shouldn't have any previous alarms
1626 # running anyway...:
1627 alarm(0);
1628 local $SIG{ALRM} = sub { die "connection timed out\n" };
1629 alarm $timeout;
1630 accept(my $cli, $sock) or die "connection failed: $!\n";
1631 alarm(0);
1632 close($sock);
1633 if (PVE::Tools::run_command($cmd,
1634 output => '>&'.fileno($cli),
1635 input => '<&'.fileno($cli),
1636 noerr => 1) != 0)
1637 {
1638 die "Failed to run vncproxy.\n";
1639 }
1640 }
1641
1642 return;
1643 };
1644
1645 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
1646
1647 PVE::Tools::wait_for_vnc_port($port);
1648
1649 return {
1650 user => $authuser,
1651 ticket => $ticket,
1652 port => $port,
1653 upid => $upid,
1654 cert => $sslcert,
1655 };
1656 }});
1657
1658 __PACKAGE__->register_method({
1659 name => 'termproxy',
1660 path => '{vmid}/termproxy',
1661 method => 'POST',
1662 protected => 1,
1663 permissions => {
1664 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1665 },
1666 description => "Creates a TCP proxy connections.",
1667 parameters => {
1668 additionalProperties => 0,
1669 properties => {
1670 node => get_standard_option('pve-node'),
1671 vmid => get_standard_option('pve-vmid'),
1672 serial=> {
1673 optional => 1,
1674 type => 'string',
1675 enum => [qw(serial0 serial1 serial2 serial3)],
1676 description => "opens a serial terminal (defaults to display)",
1677 },
1678 },
1679 },
1680 returns => {
1681 additionalProperties => 0,
1682 properties => {
1683 user => { type => 'string' },
1684 ticket => { type => 'string' },
1685 port => { type => 'integer' },
1686 upid => { type => 'string' },
1687 },
1688 },
1689 code => sub {
1690 my ($param) = @_;
1691
1692 my $rpcenv = PVE::RPCEnvironment::get();
1693
1694 my $authuser = $rpcenv->get_user();
1695
1696 my $vmid = $param->{vmid};
1697 my $node = $param->{node};
1698 my $serial = $param->{serial};
1699
1700 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1701
1702 if (!defined($serial)) {
1703 if ($conf->{vga} && $conf->{vga} =~ m/^serial\d+$/) {
1704 $serial = $conf->{vga};
1705 }
1706 }
1707
1708 my $authpath = "/vms/$vmid";
1709
1710 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1711
1712 my $family;
1713 my $remcmd = [];
1714
1715 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1716 (undef, $family) = PVE::Cluster::remote_node_ip($node);
1717 my $sshinfo = PVE::SSHInfo::get_ssh_info($node);
1718 $remcmd = PVE::SSHInfo::ssh_info_to_command($sshinfo, '-t');
1719 push @$remcmd, '--';
1720 } else {
1721 $family = PVE::Tools::get_host_address_family($node);
1722 }
1723
1724 my $port = PVE::Tools::next_vnc_port($family);
1725
1726 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-escape', '0'];
1727 push @$termcmd, '-iface', $serial if $serial;
1728
1729 my $realcmd = sub {
1730 my $upid = shift;
1731
1732 syslog('info', "starting qemu termproxy $upid\n");
1733
1734 my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
1735 '--perm', 'VM.Console', '--'];
1736 push @$cmd, @$remcmd, @$termcmd;
1737
1738 PVE::Tools::run_command($cmd);
1739 };
1740
1741 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
1742
1743 PVE::Tools::wait_for_vnc_port($port);
1744
1745 return {
1746 user => $authuser,
1747 ticket => $ticket,
1748 port => $port,
1749 upid => $upid,
1750 };
1751 }});
1752
1753 __PACKAGE__->register_method({
1754 name => 'vncwebsocket',
1755 path => '{vmid}/vncwebsocket',
1756 method => 'GET',
1757 permissions => {
1758 description => "You also need to pass a valid ticket (vncticket).",
1759 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1760 },
1761 description => "Opens a weksocket for VNC traffic.",
1762 parameters => {
1763 additionalProperties => 0,
1764 properties => {
1765 node => get_standard_option('pve-node'),
1766 vmid => get_standard_option('pve-vmid'),
1767 vncticket => {
1768 description => "Ticket from previous call to vncproxy.",
1769 type => 'string',
1770 maxLength => 512,
1771 },
1772 port => {
1773 description => "Port number returned by previous vncproxy call.",
1774 type => 'integer',
1775 minimum => 5900,
1776 maximum => 5999,
1777 },
1778 },
1779 },
1780 returns => {
1781 type => "object",
1782 properties => {
1783 port => { type => 'string' },
1784 },
1785 },
1786 code => sub {
1787 my ($param) = @_;
1788
1789 my $rpcenv = PVE::RPCEnvironment::get();
1790
1791 my $authuser = $rpcenv->get_user();
1792
1793 my $vmid = $param->{vmid};
1794 my $node = $param->{node};
1795
1796 my $authpath = "/vms/$vmid";
1797
1798 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1799
1800 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
1801
1802 # Note: VNC ports are acessible from outside, so we do not gain any
1803 # security if we verify that $param->{port} belongs to VM $vmid. This
1804 # check is done by verifying the VNC ticket (inside VNC protocol).
1805
1806 my $port = $param->{port};
1807
1808 return { port => $port };
1809 }});
1810
1811 __PACKAGE__->register_method({
1812 name => 'spiceproxy',
1813 path => '{vmid}/spiceproxy',
1814 method => 'POST',
1815 protected => 1,
1816 proxyto => 'node',
1817 permissions => {
1818 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1819 },
1820 description => "Returns a SPICE configuration to connect to the VM.",
1821 parameters => {
1822 additionalProperties => 0,
1823 properties => {
1824 node => get_standard_option('pve-node'),
1825 vmid => get_standard_option('pve-vmid'),
1826 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1827 },
1828 },
1829 returns => get_standard_option('remote-viewer-config'),
1830 code => sub {
1831 my ($param) = @_;
1832
1833 my $rpcenv = PVE::RPCEnvironment::get();
1834
1835 my $authuser = $rpcenv->get_user();
1836
1837 my $vmid = $param->{vmid};
1838 my $node = $param->{node};
1839 my $proxy = $param->{proxy};
1840
1841 my $conf = PVE::QemuConfig->load_config($vmid, $node);
1842 my $title = "VM $vmid";
1843 $title .= " - ". $conf->{name} if $conf->{name};
1844
1845 my $port = PVE::QemuServer::spice_port($vmid);
1846
1847 my ($ticket, undef, $remote_viewer_config) =
1848 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1849
1850 mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1851 mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1852
1853 return $remote_viewer_config;
1854 }});
1855
1856 __PACKAGE__->register_method({
1857 name => 'vmcmdidx',
1858 path => '{vmid}/status',
1859 method => 'GET',
1860 proxyto => 'node',
1861 description => "Directory index",
1862 permissions => {
1863 user => 'all',
1864 },
1865 parameters => {
1866 additionalProperties => 0,
1867 properties => {
1868 node => get_standard_option('pve-node'),
1869 vmid => get_standard_option('pve-vmid'),
1870 },
1871 },
1872 returns => {
1873 type => 'array',
1874 items => {
1875 type => "object",
1876 properties => {
1877 subdir => { type => 'string' },
1878 },
1879 },
1880 links => [ { rel => 'child', href => "{subdir}" } ],
1881 },
1882 code => sub {
1883 my ($param) = @_;
1884
1885 # test if VM exists
1886 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1887
1888 my $res = [
1889 { subdir => 'current' },
1890 { subdir => 'start' },
1891 { subdir => 'stop' },
1892 { subdir => 'reset' },
1893 { subdir => 'shutdown' },
1894 { subdir => 'suspend' },
1895 { subdir => 'reboot' },
1896 ];
1897
1898 return $res;
1899 }});
1900
1901 __PACKAGE__->register_method({
1902 name => 'vm_status',
1903 path => '{vmid}/status/current',
1904 method => 'GET',
1905 proxyto => 'node',
1906 protected => 1, # qemu pid files are only readable by root
1907 description => "Get virtual machine status.",
1908 permissions => {
1909 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1910 },
1911 parameters => {
1912 additionalProperties => 0,
1913 properties => {
1914 node => get_standard_option('pve-node'),
1915 vmid => get_standard_option('pve-vmid'),
1916 },
1917 },
1918 returns => {
1919 type => 'object',
1920 properties => {
1921 %$PVE::QemuServer::vmstatus_return_properties,
1922 ha => {
1923 description => "HA manager service status.",
1924 type => 'object',
1925 },
1926 spice => {
1927 description => "Qemu VGA configuration supports spice.",
1928 type => 'boolean',
1929 optional => 1,
1930 },
1931 agent => {
1932 description => "Qemu GuestAgent enabled in config.",
1933 type => 'boolean',
1934 optional => 1,
1935 },
1936 },
1937 },
1938 code => sub {
1939 my ($param) = @_;
1940
1941 # test if VM exists
1942 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1943
1944 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1945 my $status = $vmstatus->{$param->{vmid}};
1946
1947 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
1948
1949 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1950 $status->{agent} = 1 if (PVE::QemuServer::parse_guest_agent($conf)->{enabled});
1951
1952 return $status;
1953 }});
1954
1955 __PACKAGE__->register_method({
1956 name => 'vm_start',
1957 path => '{vmid}/status/start',
1958 method => 'POST',
1959 protected => 1,
1960 proxyto => 'node',
1961 description => "Start virtual machine.",
1962 permissions => {
1963 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1964 },
1965 parameters => {
1966 additionalProperties => 0,
1967 properties => {
1968 node => get_standard_option('pve-node'),
1969 vmid => get_standard_option('pve-vmid',
1970 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1971 skiplock => get_standard_option('skiplock'),
1972 stateuri => get_standard_option('pve-qm-stateuri'),
1973 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1974 migration_type => {
1975 type => 'string',
1976 enum => ['secure', 'insecure'],
1977 description => "Migration traffic is encrypted using an SSH " .
1978 "tunnel by default. On secure, completely private networks " .
1979 "this can be disabled to increase performance.",
1980 optional => 1,
1981 },
1982 migration_network => {
1983 type => 'string', format => 'CIDR',
1984 description => "CIDR of the (sub) network that is used for migration.",
1985 optional => 1,
1986 },
1987 machine => get_standard_option('pve-qemu-machine'),
1988 targetstorage => {
1989 description => "Target storage for the migration. (Can be '1' to use the same storage id as on the source node.)",
1990 type => 'string',
1991 optional => 1
1992 }
1993 },
1994 },
1995 returns => {
1996 type => 'string',
1997 },
1998 code => sub {
1999 my ($param) = @_;
2000
2001 my $rpcenv = PVE::RPCEnvironment::get();
2002 my $authuser = $rpcenv->get_user();
2003
2004 my $node = extract_param($param, 'node');
2005 my $vmid = extract_param($param, 'vmid');
2006
2007 my $machine = extract_param($param, 'machine');
2008
2009 my $get_root_param = sub {
2010 my $value = extract_param($param, $_[0]);
2011 raise_param_exc({ "$_[0]" => "Only root may use this option." })
2012 if $value && $authuser ne 'root@pam';
2013 return $value;
2014 };
2015
2016 my $stateuri = $get_root_param->('stateuri');
2017 my $skiplock = $get_root_param->('skiplock');
2018 my $migratedfrom = $get_root_param->('migratedfrom');
2019 my $migration_type = $get_root_param->('migration_type');
2020 my $migration_network = $get_root_param->('migration_network');
2021 my $targetstorage = $get_root_param->('targetstorage');
2022
2023 raise_param_exc({ targetstorage => "targetstorage can only by used with migratedfrom." })
2024 if $targetstorage && !$migratedfrom;
2025
2026 # read spice ticket from STDIN
2027 my $spice_ticket;
2028 if ($stateuri && ($stateuri eq 'tcp' || $stateuri eq 'unix') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
2029 if (defined(my $line = <STDIN>)) {
2030 chomp $line;
2031 $spice_ticket = $line;
2032 }
2033 }
2034
2035 PVE::Cluster::check_cfs_quorum();
2036
2037 my $storecfg = PVE::Storage::config();
2038
2039 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri && $rpcenv->{type} ne 'ha') {
2040 my $hacmd = sub {
2041 my $upid = shift;
2042
2043 print "Requesting HA start for VM $vmid\n";
2044
2045 my $cmd = ['ha-manager', 'set', "vm:$vmid", '--state', 'started'];
2046 PVE::Tools::run_command($cmd);
2047 return;
2048 };
2049
2050 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
2051
2052 } else {
2053
2054 my $realcmd = sub {
2055 my $upid = shift;
2056
2057 syslog('info', "start VM $vmid: $upid\n");
2058
2059 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
2060 $machine, $spice_ticket, $migration_network, $migration_type, $targetstorage);
2061 return;
2062 };
2063
2064 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
2065 }
2066 }});
2067
2068 __PACKAGE__->register_method({
2069 name => 'vm_stop',
2070 path => '{vmid}/status/stop',
2071 method => 'POST',
2072 protected => 1,
2073 proxyto => 'node',
2074 description => "Stop virtual machine. The qemu process will exit immediately. This" .
2075 "is akin to pulling the power plug of a running computer and may damage the VM data",
2076 permissions => {
2077 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2078 },
2079 parameters => {
2080 additionalProperties => 0,
2081 properties => {
2082 node => get_standard_option('pve-node'),
2083 vmid => get_standard_option('pve-vmid',
2084 { completion => \&PVE::QemuServer::complete_vmid_running }),
2085 skiplock => get_standard_option('skiplock'),
2086 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
2087 timeout => {
2088 description => "Wait maximal timeout seconds.",
2089 type => 'integer',
2090 minimum => 0,
2091 optional => 1,
2092 },
2093 keepActive => {
2094 description => "Do not deactivate storage volumes.",
2095 type => 'boolean',
2096 optional => 1,
2097 default => 0,
2098 }
2099 },
2100 },
2101 returns => {
2102 type => 'string',
2103 },
2104 code => sub {
2105 my ($param) = @_;
2106
2107 my $rpcenv = PVE::RPCEnvironment::get();
2108 my $authuser = $rpcenv->get_user();
2109
2110 my $node = extract_param($param, 'node');
2111 my $vmid = extract_param($param, 'vmid');
2112
2113 my $skiplock = extract_param($param, 'skiplock');
2114 raise_param_exc({ skiplock => "Only root may use this option." })
2115 if $skiplock && $authuser ne 'root@pam';
2116
2117 my $keepActive = extract_param($param, 'keepActive');
2118 raise_param_exc({ keepActive => "Only root may use this option." })
2119 if $keepActive && $authuser ne 'root@pam';
2120
2121 my $migratedfrom = extract_param($param, 'migratedfrom');
2122 raise_param_exc({ migratedfrom => "Only root may use this option." })
2123 if $migratedfrom && $authuser ne 'root@pam';
2124
2125
2126 my $storecfg = PVE::Storage::config();
2127
2128 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
2129
2130 my $hacmd = sub {
2131 my $upid = shift;
2132
2133 print "Requesting HA stop for VM $vmid\n";
2134
2135 my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", '0'];
2136 PVE::Tools::run_command($cmd);
2137 return;
2138 };
2139
2140 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
2141
2142 } else {
2143 my $realcmd = sub {
2144 my $upid = shift;
2145
2146 syslog('info', "stop VM $vmid: $upid\n");
2147
2148 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
2149 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
2150 return;
2151 };
2152
2153 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
2154 }
2155 }});
2156
2157 __PACKAGE__->register_method({
2158 name => 'vm_reset',
2159 path => '{vmid}/status/reset',
2160 method => 'POST',
2161 protected => 1,
2162 proxyto => 'node',
2163 description => "Reset virtual machine.",
2164 permissions => {
2165 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2166 },
2167 parameters => {
2168 additionalProperties => 0,
2169 properties => {
2170 node => get_standard_option('pve-node'),
2171 vmid => get_standard_option('pve-vmid',
2172 { completion => \&PVE::QemuServer::complete_vmid_running }),
2173 skiplock => get_standard_option('skiplock'),
2174 },
2175 },
2176 returns => {
2177 type => 'string',
2178 },
2179 code => sub {
2180 my ($param) = @_;
2181
2182 my $rpcenv = PVE::RPCEnvironment::get();
2183
2184 my $authuser = $rpcenv->get_user();
2185
2186 my $node = extract_param($param, 'node');
2187
2188 my $vmid = extract_param($param, 'vmid');
2189
2190 my $skiplock = extract_param($param, 'skiplock');
2191 raise_param_exc({ skiplock => "Only root may use this option." })
2192 if $skiplock && $authuser ne 'root@pam';
2193
2194 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2195
2196 my $realcmd = sub {
2197 my $upid = shift;
2198
2199 PVE::QemuServer::vm_reset($vmid, $skiplock);
2200
2201 return;
2202 };
2203
2204 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
2205 }});
2206
2207 __PACKAGE__->register_method({
2208 name => 'vm_shutdown',
2209 path => '{vmid}/status/shutdown',
2210 method => 'POST',
2211 protected => 1,
2212 proxyto => 'node',
2213 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
2214 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
2215 permissions => {
2216 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2217 },
2218 parameters => {
2219 additionalProperties => 0,
2220 properties => {
2221 node => get_standard_option('pve-node'),
2222 vmid => get_standard_option('pve-vmid',
2223 { completion => \&PVE::QemuServer::complete_vmid_running }),
2224 skiplock => get_standard_option('skiplock'),
2225 timeout => {
2226 description => "Wait maximal timeout seconds.",
2227 type => 'integer',
2228 minimum => 0,
2229 optional => 1,
2230 },
2231 forceStop => {
2232 description => "Make sure the VM stops.",
2233 type => 'boolean',
2234 optional => 1,
2235 default => 0,
2236 },
2237 keepActive => {
2238 description => "Do not deactivate storage volumes.",
2239 type => 'boolean',
2240 optional => 1,
2241 default => 0,
2242 }
2243 },
2244 },
2245 returns => {
2246 type => 'string',
2247 },
2248 code => sub {
2249 my ($param) = @_;
2250
2251 my $rpcenv = PVE::RPCEnvironment::get();
2252 my $authuser = $rpcenv->get_user();
2253
2254 my $node = extract_param($param, 'node');
2255 my $vmid = extract_param($param, 'vmid');
2256
2257 my $skiplock = extract_param($param, 'skiplock');
2258 raise_param_exc({ skiplock => "Only root may use this option." })
2259 if $skiplock && $authuser ne 'root@pam';
2260
2261 my $keepActive = extract_param($param, 'keepActive');
2262 raise_param_exc({ keepActive => "Only root may use this option." })
2263 if $keepActive && $authuser ne 'root@pam';
2264
2265 my $storecfg = PVE::Storage::config();
2266
2267 my $shutdown = 1;
2268
2269 # if vm is paused, do not shutdown (but stop if forceStop = 1)
2270 # otherwise, we will infer a shutdown command, but run into the timeout,
2271 # then when the vm is resumed, it will instantly shutdown
2272 #
2273 # checking the qmp status here to get feedback to the gui/cli/api
2274 # and the status query should not take too long
2275 my $qmpstatus = eval {
2276 PVE::QemuConfig::assert_config_exists_on_node($vmid);
2277 mon_cmd($vmid, "query-status");
2278 };
2279 my $err = $@ if $@;
2280
2281 if (!$err && $qmpstatus->{status} eq "paused") {
2282 if ($param->{forceStop}) {
2283 warn "VM is paused - stop instead of shutdown\n";
2284 $shutdown = 0;
2285 } else {
2286 die "VM is paused - cannot shutdown\n";
2287 }
2288 }
2289
2290 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2291
2292 my $timeout = $param->{timeout} // 60;
2293 my $hacmd = sub {
2294 my $upid = shift;
2295
2296 print "Requesting HA stop for VM $vmid\n";
2297
2298 my $cmd = ['ha-manager', 'crm-command', 'stop', "vm:$vmid", "$timeout"];
2299 PVE::Tools::run_command($cmd);
2300 return;
2301 };
2302
2303 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
2304
2305 } else {
2306
2307 my $realcmd = sub {
2308 my $upid = shift;
2309
2310 syslog('info', "shutdown VM $vmid: $upid\n");
2311
2312 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
2313 $shutdown, $param->{forceStop}, $keepActive);
2314 return;
2315 };
2316
2317 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
2318 }
2319 }});
2320
2321 __PACKAGE__->register_method({
2322 name => 'vm_reboot',
2323 path => '{vmid}/status/reboot',
2324 method => 'POST',
2325 protected => 1,
2326 proxyto => 'node',
2327 description => "Reboot the VM by shutting it down, and starting it again. Applies pending changes.",
2328 permissions => {
2329 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2330 },
2331 parameters => {
2332 additionalProperties => 0,
2333 properties => {
2334 node => get_standard_option('pve-node'),
2335 vmid => get_standard_option('pve-vmid',
2336 { completion => \&PVE::QemuServer::complete_vmid_running }),
2337 timeout => {
2338 description => "Wait maximal timeout seconds for the shutdown.",
2339 type => 'integer',
2340 minimum => 0,
2341 optional => 1,
2342 },
2343 },
2344 },
2345 returns => {
2346 type => 'string',
2347 },
2348 code => sub {
2349 my ($param) = @_;
2350
2351 my $rpcenv = PVE::RPCEnvironment::get();
2352 my $authuser = $rpcenv->get_user();
2353
2354 my $node = extract_param($param, 'node');
2355 my $vmid = extract_param($param, 'vmid');
2356
2357 my $qmpstatus = eval {
2358 PVE::QemuConfig::assert_config_exists_on_node($vmid);
2359 mon_cmd($vmid, "query-status");
2360 };
2361 my $err = $@ if $@;
2362
2363 if (!$err && $qmpstatus->{status} eq "paused") {
2364 die "VM is paused - cannot shutdown\n";
2365 }
2366
2367 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2368
2369 my $realcmd = sub {
2370 my $upid = shift;
2371
2372 syslog('info', "requesting reboot of VM $vmid: $upid\n");
2373 PVE::QemuServer::vm_reboot($vmid, $param->{timeout});
2374 return;
2375 };
2376
2377 return $rpcenv->fork_worker('qmreboot', $vmid, $authuser, $realcmd);
2378 }});
2379
2380 __PACKAGE__->register_method({
2381 name => 'vm_suspend',
2382 path => '{vmid}/status/suspend',
2383 method => 'POST',
2384 protected => 1,
2385 proxyto => 'node',
2386 description => "Suspend virtual machine.",
2387 permissions => {
2388 description => "You need 'VM.PowerMgmt' on /vms/{vmid}, and if you have set 'todisk',".
2389 " you need also 'VM.Config.Disk' on /vms/{vmid} and 'Datastore.AllocateSpace'".
2390 " on the storage for the vmstate.",
2391 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2392 },
2393 parameters => {
2394 additionalProperties => 0,
2395 properties => {
2396 node => get_standard_option('pve-node'),
2397 vmid => get_standard_option('pve-vmid',
2398 { completion => \&PVE::QemuServer::complete_vmid_running }),
2399 skiplock => get_standard_option('skiplock'),
2400 todisk => {
2401 type => 'boolean',
2402 default => 0,
2403 optional => 1,
2404 description => 'If set, suspends the VM to disk. Will be resumed on next VM start.',
2405 },
2406 statestorage => get_standard_option('pve-storage-id', {
2407 description => "The storage for the VM state",
2408 requires => 'todisk',
2409 optional => 1,
2410 completion => \&PVE::Storage::complete_storage_enabled,
2411 }),
2412 },
2413 },
2414 returns => {
2415 type => 'string',
2416 },
2417 code => sub {
2418 my ($param) = @_;
2419
2420 my $rpcenv = PVE::RPCEnvironment::get();
2421 my $authuser = $rpcenv->get_user();
2422
2423 my $node = extract_param($param, 'node');
2424 my $vmid = extract_param($param, 'vmid');
2425
2426 my $todisk = extract_param($param, 'todisk') // 0;
2427
2428 my $statestorage = extract_param($param, 'statestorage');
2429
2430 my $skiplock = extract_param($param, 'skiplock');
2431 raise_param_exc({ skiplock => "Only root may use this option." })
2432 if $skiplock && $authuser ne 'root@pam';
2433
2434 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2435
2436 die "Cannot suspend HA managed VM to disk\n"
2437 if $todisk && PVE::HA::Config::vm_is_ha_managed($vmid);
2438
2439 # early check for storage permission, for better user feedback
2440 if ($todisk) {
2441 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
2442
2443 if (!$statestorage) {
2444 # get statestorage from config if none is given
2445 my $conf = PVE::QemuConfig->load_config($vmid);
2446 my $storecfg = PVE::Storage::config();
2447 $statestorage = PVE::QemuServer::find_vmstate_storage($conf, $storecfg);
2448 }
2449
2450 $rpcenv->check($authuser, "/storage/$statestorage", ['Datastore.AllocateSpace']);
2451 }
2452
2453 my $realcmd = sub {
2454 my $upid = shift;
2455
2456 syslog('info', "suspend VM $vmid: $upid\n");
2457
2458 PVE::QemuServer::vm_suspend($vmid, $skiplock, $todisk, $statestorage);
2459
2460 return;
2461 };
2462
2463 my $taskname = $todisk ? 'qmsuspend' : 'qmpause';
2464 return $rpcenv->fork_worker($taskname, $vmid, $authuser, $realcmd);
2465 }});
2466
2467 __PACKAGE__->register_method({
2468 name => 'vm_resume',
2469 path => '{vmid}/status/resume',
2470 method => 'POST',
2471 protected => 1,
2472 proxyto => 'node',
2473 description => "Resume virtual machine.",
2474 permissions => {
2475 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2476 },
2477 parameters => {
2478 additionalProperties => 0,
2479 properties => {
2480 node => get_standard_option('pve-node'),
2481 vmid => get_standard_option('pve-vmid',
2482 { completion => \&PVE::QemuServer::complete_vmid_running }),
2483 skiplock => get_standard_option('skiplock'),
2484 nocheck => { type => 'boolean', optional => 1 },
2485
2486 },
2487 },
2488 returns => {
2489 type => 'string',
2490 },
2491 code => sub {
2492 my ($param) = @_;
2493
2494 my $rpcenv = PVE::RPCEnvironment::get();
2495
2496 my $authuser = $rpcenv->get_user();
2497
2498 my $node = extract_param($param, 'node');
2499
2500 my $vmid = extract_param($param, 'vmid');
2501
2502 my $skiplock = extract_param($param, 'skiplock');
2503 raise_param_exc({ skiplock => "Only root may use this option." })
2504 if $skiplock && $authuser ne 'root@pam';
2505
2506 my $nocheck = extract_param($param, 'nocheck');
2507
2508 my $to_disk_suspended;
2509 eval {
2510 PVE::QemuConfig->lock_config($vmid, sub {
2511 my $conf = PVE::QemuConfig->load_config($vmid);
2512 $to_disk_suspended = PVE::QemuConfig->has_lock($conf, 'suspended');
2513 });
2514 };
2515
2516 die "VM $vmid not running\n"
2517 if !$to_disk_suspended && !PVE::QemuServer::check_running($vmid, $nocheck);
2518
2519 my $realcmd = sub {
2520 my $upid = shift;
2521
2522 syslog('info', "resume VM $vmid: $upid\n");
2523
2524 if (!$to_disk_suspended) {
2525 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
2526 } else {
2527 my $storecfg = PVE::Storage::config();
2528 PVE::QemuServer::vm_start($storecfg, $vmid, undef, $skiplock);
2529 }
2530
2531 return;
2532 };
2533
2534 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2535 }});
2536
2537 __PACKAGE__->register_method({
2538 name => 'vm_sendkey',
2539 path => '{vmid}/sendkey',
2540 method => 'PUT',
2541 protected => 1,
2542 proxyto => 'node',
2543 description => "Send key event to virtual machine.",
2544 permissions => {
2545 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2546 },
2547 parameters => {
2548 additionalProperties => 0,
2549 properties => {
2550 node => get_standard_option('pve-node'),
2551 vmid => get_standard_option('pve-vmid',
2552 { completion => \&PVE::QemuServer::complete_vmid_running }),
2553 skiplock => get_standard_option('skiplock'),
2554 key => {
2555 description => "The key (qemu monitor encoding).",
2556 type => 'string'
2557 }
2558 },
2559 },
2560 returns => { type => 'null'},
2561 code => sub {
2562 my ($param) = @_;
2563
2564 my $rpcenv = PVE::RPCEnvironment::get();
2565
2566 my $authuser = $rpcenv->get_user();
2567
2568 my $node = extract_param($param, 'node');
2569
2570 my $vmid = extract_param($param, 'vmid');
2571
2572 my $skiplock = extract_param($param, 'skiplock');
2573 raise_param_exc({ skiplock => "Only root may use this option." })
2574 if $skiplock && $authuser ne 'root@pam';
2575
2576 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2577
2578 return;
2579 }});
2580
2581 __PACKAGE__->register_method({
2582 name => 'vm_feature',
2583 path => '{vmid}/feature',
2584 method => 'GET',
2585 proxyto => 'node',
2586 protected => 1,
2587 description => "Check if feature for virtual machine is available.",
2588 permissions => {
2589 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2590 },
2591 parameters => {
2592 additionalProperties => 0,
2593 properties => {
2594 node => get_standard_option('pve-node'),
2595 vmid => get_standard_option('pve-vmid'),
2596 feature => {
2597 description => "Feature to check.",
2598 type => 'string',
2599 enum => [ 'snapshot', 'clone', 'copy' ],
2600 },
2601 snapname => get_standard_option('pve-snapshot-name', {
2602 optional => 1,
2603 }),
2604 },
2605 },
2606 returns => {
2607 type => "object",
2608 properties => {
2609 hasFeature => { type => 'boolean' },
2610 nodes => {
2611 type => 'array',
2612 items => { type => 'string' },
2613 }
2614 },
2615 },
2616 code => sub {
2617 my ($param) = @_;
2618
2619 my $node = extract_param($param, 'node');
2620
2621 my $vmid = extract_param($param, 'vmid');
2622
2623 my $snapname = extract_param($param, 'snapname');
2624
2625 my $feature = extract_param($param, 'feature');
2626
2627 my $running = PVE::QemuServer::check_running($vmid);
2628
2629 my $conf = PVE::QemuConfig->load_config($vmid);
2630
2631 if($snapname){
2632 my $snap = $conf->{snapshots}->{$snapname};
2633 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2634 $conf = $snap;
2635 }
2636 my $storecfg = PVE::Storage::config();
2637
2638 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2639 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
2640
2641 return {
2642 hasFeature => $hasFeature,
2643 nodes => [ keys %$nodelist ],
2644 };
2645 }});
2646
2647 __PACKAGE__->register_method({
2648 name => 'clone_vm',
2649 path => '{vmid}/clone',
2650 method => 'POST',
2651 protected => 1,
2652 proxyto => 'node',
2653 description => "Create a copy of virtual machine/template.",
2654 permissions => {
2655 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2656 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2657 "'Datastore.AllocateSpace' on any used storage.",
2658 check =>
2659 [ 'and',
2660 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2661 [ 'or',
2662 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2663 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2664 ],
2665 ]
2666 },
2667 parameters => {
2668 additionalProperties => 0,
2669 properties => {
2670 node => get_standard_option('pve-node'),
2671 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2672 newid => get_standard_option('pve-vmid', {
2673 completion => \&PVE::Cluster::complete_next_vmid,
2674 description => 'VMID for the clone.' }),
2675 name => {
2676 optional => 1,
2677 type => 'string', format => 'dns-name',
2678 description => "Set a name for the new VM.",
2679 },
2680 description => {
2681 optional => 1,
2682 type => 'string',
2683 description => "Description for the new VM.",
2684 },
2685 pool => {
2686 optional => 1,
2687 type => 'string', format => 'pve-poolid',
2688 description => "Add the new VM to the specified pool.",
2689 },
2690 snapname => get_standard_option('pve-snapshot-name', {
2691 optional => 1,
2692 }),
2693 storage => get_standard_option('pve-storage-id', {
2694 description => "Target storage for full clone.",
2695 optional => 1,
2696 }),
2697 'format' => {
2698 description => "Target format for file storage. Only valid for full clone.",
2699 type => 'string',
2700 optional => 1,
2701 enum => [ 'raw', 'qcow2', 'vmdk'],
2702 },
2703 full => {
2704 optional => 1,
2705 type => 'boolean',
2706 description => "Create a full copy of all disks. This is always done when " .
2707 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2708 },
2709 target => get_standard_option('pve-node', {
2710 description => "Target node. Only allowed if the original VM is on shared storage.",
2711 optional => 1,
2712 }),
2713 bwlimit => {
2714 description => "Override I/O bandwidth limit (in KiB/s).",
2715 optional => 1,
2716 type => 'integer',
2717 minimum => '0',
2718 default => 'clone limit from datacenter or storage config',
2719 },
2720 },
2721 },
2722 returns => {
2723 type => 'string',
2724 },
2725 code => sub {
2726 my ($param) = @_;
2727
2728 my $rpcenv = PVE::RPCEnvironment::get();
2729 my $authuser = $rpcenv->get_user();
2730
2731 my $node = extract_param($param, 'node');
2732 my $vmid = extract_param($param, 'vmid');
2733 my $newid = extract_param($param, 'newid');
2734 my $pool = extract_param($param, 'pool');
2735 $rpcenv->check_pool_exist($pool) if defined($pool);
2736
2737 my $snapname = extract_param($param, 'snapname');
2738 my $storage = extract_param($param, 'storage');
2739 my $format = extract_param($param, 'format');
2740 my $target = extract_param($param, 'target');
2741
2742 my $localnode = PVE::INotify::nodename();
2743
2744 if ($target && ($target eq $localnode || $target eq 'localhost')) {
2745 undef $target;
2746 } else {
2747 PVE::Cluster::check_node_exists($target);
2748 }
2749
2750 my $storecfg = PVE::Storage::config();
2751
2752 if ($storage) {
2753 # check if storage is enabled on local node
2754 PVE::Storage::storage_check_enabled($storecfg, $storage);
2755 if ($target) {
2756 # check if storage is available on target node
2757 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2758 # clone only works if target storage is shared
2759 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2760 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2761 }
2762 }
2763
2764 PVE::Cluster::check_cfs_quorum();
2765
2766 my $running = PVE::QemuServer::check_running($vmid) || 0;
2767
2768 # exclusive lock if VM is running - else shared lock is enough;
2769 my $shared_lock = $running ? 0 : 1;
2770
2771 my $clonefn = sub {
2772 # do all tests after lock but before forking worker - if possible
2773
2774 my $conf = PVE::QemuConfig->load_config($vmid);
2775 PVE::QemuConfig->check_lock($conf);
2776
2777 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2778 die "unexpected state change\n" if $verify_running != $running;
2779
2780 die "snapshot '$snapname' does not exist\n"
2781 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2782
2783 my $full = extract_param($param, 'full') // !PVE::QemuConfig->is_template($conf);
2784
2785 die "parameter 'storage' not allowed for linked clones\n"
2786 if defined($storage) && !$full;
2787
2788 die "parameter 'format' not allowed for linked clones\n"
2789 if defined($format) && !$full;
2790
2791 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2792
2793 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2794
2795 die "can't clone VM to node '$target' (VM uses local storage)\n"
2796 if $target && !$sharedvm;
2797
2798 my $conffile = PVE::QemuConfig->config_file($newid);
2799 die "unable to create VM $newid: config file already exists\n"
2800 if -f $conffile;
2801
2802 my $newconf = { lock => 'clone' };
2803 my $drives = {};
2804 my $fullclone = {};
2805 my $vollist = [];
2806
2807 foreach my $opt (keys %$oldconf) {
2808 my $value = $oldconf->{$opt};
2809
2810 # do not copy snapshot related info
2811 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2812 $opt eq 'vmstate' || $opt eq 'snapstate';
2813
2814 # no need to copy unused images, because VMID(owner) changes anyways
2815 next if $opt =~ m/^unused\d+$/;
2816
2817 # always change MAC! address
2818 if ($opt =~ m/^net(\d+)$/) {
2819 my $net = PVE::QemuServer::parse_net($value);
2820 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2821 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
2822 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2823 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
2824 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2825 die "unable to parse drive options for '$opt'\n" if !$drive;
2826 if (PVE::QemuServer::drive_is_cdrom($drive, 1)) {
2827 $newconf->{$opt} = $value; # simply copy configuration
2828 } else {
2829 if ($full || PVE::QemuServer::drive_is_cloudinit($drive)) {
2830 die "Full clone feature is not supported for drive '$opt'\n"
2831 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2832 $fullclone->{$opt} = 1;
2833 } else {
2834 # not full means clone instead of copy
2835 die "Linked clone feature is not supported for drive '$opt'\n"
2836 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2837 }
2838 $drives->{$opt} = $drive;
2839 push @$vollist, $drive->{file};
2840 }
2841 } else {
2842 # copy everything else
2843 $newconf->{$opt} = $value;
2844 }
2845 }
2846
2847 # auto generate a new uuid
2848 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2849 $smbios1->{uuid} = PVE::QemuServer::generate_uuid();
2850 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2851 # auto generate a new vmgenid only if the option was set for template
2852 if ($newconf->{vmgenid}) {
2853 $newconf->{vmgenid} = PVE::QemuServer::generate_uuid();
2854 }
2855
2856 delete $newconf->{template};
2857
2858 if ($param->{name}) {
2859 $newconf->{name} = $param->{name};
2860 } else {
2861 $newconf->{name} = "Copy-of-VM-" . ($oldconf->{name} // $vmid);
2862 }
2863
2864 if ($param->{description}) {
2865 $newconf->{description} = $param->{description};
2866 }
2867
2868 # create empty/temp config - this fails if VM already exists on other node
2869 # FIXME use PVE::QemuConfig->create_and_lock_config and adapt code
2870 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2871
2872 my $realcmd = sub {
2873 my $upid = shift;
2874
2875 my $newvollist = [];
2876 my $jobs = {};
2877
2878 eval {
2879 local $SIG{INT} =
2880 local $SIG{TERM} =
2881 local $SIG{QUIT} =
2882 local $SIG{HUP} = sub { die "interrupted by signal\n"; };
2883
2884 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2885
2886 my $bwlimit = extract_param($param, 'bwlimit');
2887
2888 my $total_jobs = scalar(keys %{$drives});
2889 my $i = 1;
2890
2891 foreach my $opt (keys %$drives) {
2892 my $drive = $drives->{$opt};
2893 my $skipcomplete = ($total_jobs != $i); # finish after last drive
2894
2895 my $src_sid = PVE::Storage::parse_volume_id($drive->{file});
2896 my $storage_list = [ $src_sid ];
2897 push @$storage_list, $storage if defined($storage);
2898 my $clonelimit = PVE::Storage::get_bandwidth_limit('clone', $storage_list, $bwlimit);
2899
2900 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2901 $newid, $storage, $format, $fullclone->{$opt}, $newvollist,
2902 $jobs, $skipcomplete, $oldconf->{agent}, $clonelimit);
2903
2904 $newconf->{$opt} = PVE::QemuServer::print_drive($newdrive);
2905
2906 PVE::QemuConfig->write_config($newid, $newconf);
2907 $i++;
2908 }
2909
2910 delete $newconf->{lock};
2911
2912 # do not write pending changes
2913 if (my @changes = keys %{$newconf->{pending}}) {
2914 my $pending = join(',', @changes);
2915 warn "found pending changes for '$pending', discarding for clone\n";
2916 delete $newconf->{pending};
2917 }
2918
2919 PVE::QemuConfig->write_config($newid, $newconf);
2920
2921 if ($target) {
2922 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2923 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
2924 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
2925
2926 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
2927 die "Failed to move config to node '$target' - rename failed: $!\n"
2928 if !rename($conffile, $newconffile);
2929 }
2930
2931 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2932 };
2933 if (my $err = $@) {
2934 unlink $conffile;
2935
2936 eval { PVE::QemuServer::qemu_blockjobs_cancel($vmid, $jobs) };
2937 sleep 1; # some storage like rbd need to wait before release volume - really?
2938
2939 foreach my $volid (@$newvollist) {
2940 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2941 warn $@ if $@;
2942 }
2943
2944 PVE::Firewall::remove_vmfw_conf($newid);
2945
2946 die "clone failed: $err";
2947 }
2948
2949 return;
2950 };
2951
2952 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2953
2954 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2955 };
2956
2957 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
2958 # Aquire exclusive lock lock for $newid
2959 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
2960 });
2961
2962 }});
2963
2964 __PACKAGE__->register_method({
2965 name => 'move_vm_disk',
2966 path => '{vmid}/move_disk',
2967 method => 'POST',
2968 protected => 1,
2969 proxyto => 'node',
2970 description => "Move volume to different storage.",
2971 permissions => {
2972 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, and 'Datastore.AllocateSpace' permissions on the storage.",
2973 check => [ 'and',
2974 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2975 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2976 ],
2977 },
2978 parameters => {
2979 additionalProperties => 0,
2980 properties => {
2981 node => get_standard_option('pve-node'),
2982 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2983 disk => {
2984 type => 'string',
2985 description => "The disk you want to move.",
2986 enum => [ PVE::QemuServer::valid_drive_names() ],
2987 },
2988 storage => get_standard_option('pve-storage-id', {
2989 description => "Target storage.",
2990 completion => \&PVE::QemuServer::complete_storage,
2991 }),
2992 'format' => {
2993 type => 'string',
2994 description => "Target Format.",
2995 enum => [ 'raw', 'qcow2', 'vmdk' ],
2996 optional => 1,
2997 },
2998 delete => {
2999 type => 'boolean',
3000 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
3001 optional => 1,
3002 default => 0,
3003 },
3004 digest => {
3005 type => 'string',
3006 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
3007 maxLength => 40,
3008 optional => 1,
3009 },
3010 bwlimit => {
3011 description => "Override I/O bandwidth limit (in KiB/s).",
3012 optional => 1,
3013 type => 'integer',
3014 minimum => '0',
3015 default => 'move limit from datacenter or storage config',
3016 },
3017 },
3018 },
3019 returns => {
3020 type => 'string',
3021 description => "the task ID.",
3022 },
3023 code => sub {
3024 my ($param) = @_;
3025
3026 my $rpcenv = PVE::RPCEnvironment::get();
3027 my $authuser = $rpcenv->get_user();
3028
3029 my $node = extract_param($param, 'node');
3030 my $vmid = extract_param($param, 'vmid');
3031 my $digest = extract_param($param, 'digest');
3032 my $disk = extract_param($param, 'disk');
3033 my $storeid = extract_param($param, 'storage');
3034 my $format = extract_param($param, 'format');
3035
3036 my $storecfg = PVE::Storage::config();
3037
3038 my $updatefn = sub {
3039 my $conf = PVE::QemuConfig->load_config($vmid);
3040 PVE::QemuConfig->check_lock($conf);
3041
3042 die "VM config checksum missmatch (file change by other user?)\n"
3043 if $digest && $digest ne $conf->{digest};
3044
3045 die "disk '$disk' does not exist\n" if !$conf->{$disk};
3046
3047 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
3048
3049 die "disk '$disk' has no associated volume\n" if !$drive->{file};
3050 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive, 1);
3051
3052 my $old_volid = $drive->{file};
3053 my $oldfmt;
3054 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
3055 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
3056 $oldfmt = $1;
3057 }
3058
3059 die "you can't move to the same storage with same format\n" if $oldstoreid eq $storeid &&
3060 (!$format || !$oldfmt || $oldfmt eq $format);
3061
3062 # this only checks snapshots because $disk is passed!
3063 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
3064 die "you can't move a disk with snapshots and delete the source\n"
3065 if $snapshotted && $param->{delete};
3066
3067 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
3068
3069 my $running = PVE::QemuServer::check_running($vmid);
3070
3071 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
3072
3073 my $realcmd = sub {
3074 my $newvollist = [];
3075
3076 eval {
3077 local $SIG{INT} =
3078 local $SIG{TERM} =
3079 local $SIG{QUIT} =
3080 local $SIG{HUP} = sub { die "interrupted by signal\n"; };
3081
3082 warn "moving disk with snapshots, snapshots will not be moved!\n"
3083 if $snapshotted;
3084
3085 my $bwlimit = extract_param($param, 'bwlimit');
3086 my $movelimit = PVE::Storage::get_bandwidth_limit('move', [$oldstoreid, $storeid], $bwlimit);
3087
3088 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
3089 $vmid, $storeid, $format, 1, $newvollist, undef, undef, undef, $movelimit);
3090
3091 $conf->{$disk} = PVE::QemuServer::print_drive($newdrive);
3092
3093 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
3094
3095 # convert moved disk to base if part of template
3096 PVE::QemuServer::template_create($vmid, $conf, $disk)
3097 if PVE::QemuConfig->is_template($conf);
3098
3099 PVE::QemuConfig->write_config($vmid, $conf);
3100
3101 my $do_trim = PVE::QemuServer::parse_guest_agent($conf)->{fstrim_cloned_disks};
3102 if ($running && $do_trim && PVE::QemuServer::qga_check_running($vmid)) {
3103 eval { mon_cmd($vmid, "guest-fstrim") };
3104 }
3105
3106 eval {
3107 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
3108 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
3109 if !$running;
3110 };
3111 warn $@ if $@;
3112 };
3113 if (my $err = $@) {
3114 foreach my $volid (@$newvollist) {
3115 eval { PVE::Storage::vdisk_free($storecfg, $volid) };
3116 warn $@ if $@;
3117 }
3118 die "storage migration failed: $err";
3119 }
3120
3121 if ($param->{delete}) {
3122 eval {
3123 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
3124 PVE::Storage::vdisk_free($storecfg, $old_volid);
3125 };
3126 warn $@ if $@;
3127 }
3128 };
3129
3130 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
3131 };
3132
3133 return PVE::QemuConfig->lock_config($vmid, $updatefn);
3134 }});
3135
3136 my $check_vm_disks_local = sub {
3137 my ($storecfg, $vmconf, $vmid) = @_;
3138
3139 my $local_disks = {};
3140
3141 # add some more information to the disks e.g. cdrom
3142 PVE::QemuServer::foreach_volid($vmconf, sub {
3143 my ($volid, $attr) = @_;
3144
3145 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
3146 if ($storeid) {
3147 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
3148 return if $scfg->{shared};
3149 }
3150 # The shared attr here is just a special case where the vdisk
3151 # is marked as shared manually
3152 return if $attr->{shared};
3153 return if $attr->{cdrom} and $volid eq "none";
3154
3155 if (exists $local_disks->{$volid}) {
3156 @{$local_disks->{$volid}}{keys %$attr} = values %$attr
3157 } else {
3158 $local_disks->{$volid} = $attr;
3159 # ensure volid is present in case it's needed
3160 $local_disks->{$volid}->{volid} = $volid;
3161 }
3162 });
3163
3164 return $local_disks;
3165 };
3166
3167 __PACKAGE__->register_method({
3168 name => 'migrate_vm_precondition',
3169 path => '{vmid}/migrate',
3170 method => 'GET',
3171 protected => 1,
3172 proxyto => 'node',
3173 description => "Get preconditions for migration.",
3174 permissions => {
3175 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
3176 },
3177 parameters => {
3178 additionalProperties => 0,
3179 properties => {
3180 node => get_standard_option('pve-node'),
3181 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3182 target => get_standard_option('pve-node', {
3183 description => "Target node.",
3184 completion => \&PVE::Cluster::complete_migration_target,
3185 optional => 1,
3186 }),
3187 },
3188 },
3189 returns => {
3190 type => "object",
3191 properties => {
3192 running => { type => 'boolean' },
3193 allowed_nodes => {
3194 type => 'array',
3195 optional => 1,
3196 description => "List nodes allowed for offline migration, only passed if VM is offline"
3197 },
3198 not_allowed_nodes => {
3199 type => 'object',
3200 optional => 1,
3201 description => "List not allowed nodes with additional informations, only passed if VM is offline"
3202 },
3203 local_disks => {
3204 type => 'array',
3205 description => "List local disks including CD-Rom, unsused and not referenced disks"
3206 },
3207 local_resources => {
3208 type => 'array',
3209 description => "List local resources e.g. pci, usb"
3210 }
3211 },
3212 },
3213 code => sub {
3214 my ($param) = @_;
3215
3216 my $rpcenv = PVE::RPCEnvironment::get();
3217
3218 my $authuser = $rpcenv->get_user();
3219
3220 PVE::Cluster::check_cfs_quorum();
3221
3222 my $res = {};
3223
3224 my $vmid = extract_param($param, 'vmid');
3225 my $target = extract_param($param, 'target');
3226 my $localnode = PVE::INotify::nodename();
3227
3228
3229 # test if VM exists
3230 my $vmconf = PVE::QemuConfig->load_config($vmid);
3231 my $storecfg = PVE::Storage::config();
3232
3233
3234 # try to detect errors early
3235 PVE::QemuConfig->check_lock($vmconf);
3236
3237 $res->{running} = PVE::QemuServer::check_running($vmid) ? 1:0;
3238
3239 # if vm is not running, return target nodes where local storage is available
3240 # for offline migration
3241 if (!$res->{running}) {
3242 $res->{allowed_nodes} = [];
3243 my $checked_nodes = PVE::QemuServer::check_local_storage_availability($vmconf, $storecfg);
3244 delete $checked_nodes->{$localnode};
3245
3246 foreach my $node (keys %$checked_nodes) {
3247 if (!defined $checked_nodes->{$node}->{unavailable_storages}) {
3248 push @{$res->{allowed_nodes}}, $node;
3249 }
3250
3251 }
3252 $res->{not_allowed_nodes} = $checked_nodes;
3253 }
3254
3255
3256 my $local_disks = &$check_vm_disks_local($storecfg, $vmconf, $vmid);
3257 $res->{local_disks} = [ values %$local_disks ];;
3258
3259 my $local_resources = PVE::QemuServer::check_local_resources($vmconf, 1);
3260
3261 $res->{local_resources} = $local_resources;
3262
3263 return $res;
3264
3265
3266 }});
3267
3268 __PACKAGE__->register_method({
3269 name => 'migrate_vm',
3270 path => '{vmid}/migrate',
3271 method => 'POST',
3272 protected => 1,
3273 proxyto => 'node',
3274 description => "Migrate virtual machine. Creates a new migration task.",
3275 permissions => {
3276 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
3277 },
3278 parameters => {
3279 additionalProperties => 0,
3280 properties => {
3281 node => get_standard_option('pve-node'),
3282 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3283 target => get_standard_option('pve-node', {
3284 description => "Target node.",
3285 completion => \&PVE::Cluster::complete_migration_target,
3286 }),
3287 online => {
3288 type => 'boolean',
3289 description => "Use online/live migration if VM is running. Ignored if VM is stopped.",
3290 optional => 1,
3291 },
3292 force => {
3293 type => 'boolean',
3294 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
3295 optional => 1,
3296 },
3297 migration_type => {
3298 type => 'string',
3299 enum => ['secure', 'insecure'],
3300 description => "Migration traffic is encrypted using an SSH tunnel by default. On secure, completely private networks this can be disabled to increase performance.",
3301 optional => 1,
3302 },
3303 migration_network => {
3304 type => 'string', format => 'CIDR',
3305 description => "CIDR of the (sub) network that is used for migration.",
3306 optional => 1,
3307 },
3308 "with-local-disks" => {
3309 type => 'boolean',
3310 description => "Enable live storage migration for local disk",
3311 optional => 1,
3312 },
3313 targetstorage => get_standard_option('pve-storage-id', {
3314 description => "Default target storage.",
3315 optional => 1,
3316 completion => \&PVE::QemuServer::complete_migration_storage,
3317 }),
3318 bwlimit => {
3319 description => "Override I/O bandwidth limit (in KiB/s).",
3320 optional => 1,
3321 type => 'integer',
3322 minimum => '0',
3323 default => 'migrate limit from datacenter or storage config',
3324 },
3325 },
3326 },
3327 returns => {
3328 type => 'string',
3329 description => "the task ID.",
3330 },
3331 code => sub {
3332 my ($param) = @_;
3333
3334 my $rpcenv = PVE::RPCEnvironment::get();
3335 my $authuser = $rpcenv->get_user();
3336
3337 my $target = extract_param($param, 'target');
3338
3339 my $localnode = PVE::INotify::nodename();
3340 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
3341
3342 PVE::Cluster::check_cfs_quorum();
3343
3344 PVE::Cluster::check_node_exists($target);
3345
3346 my $targetip = PVE::Cluster::remote_node_ip($target);
3347
3348 my $vmid = extract_param($param, 'vmid');
3349
3350 raise_param_exc({ force => "Only root may use this option." })
3351 if $param->{force} && $authuser ne 'root@pam';
3352
3353 raise_param_exc({ migration_type => "Only root may use this option." })
3354 if $param->{migration_type} && $authuser ne 'root@pam';
3355
3356 # allow root only until better network permissions are available
3357 raise_param_exc({ migration_network => "Only root may use this option." })
3358 if $param->{migration_network} && $authuser ne 'root@pam';
3359
3360 # test if VM exists
3361 my $conf = PVE::QemuConfig->load_config($vmid);
3362
3363 # try to detect errors early
3364
3365 PVE::QemuConfig->check_lock($conf);
3366
3367 if (PVE::QemuServer::check_running($vmid)) {
3368 die "can't migrate running VM without --online\n" if !$param->{online};
3369 } else {
3370 warn "VM isn't running. Doing offline migration instead.\n" if $param->{online};
3371 $param->{online} = 0;
3372 }
3373
3374 raise_param_exc({ targetstorage => "Live storage migration can only be done online." })
3375 if !$param->{online} && $param->{targetstorage};
3376
3377 my $storecfg = PVE::Storage::config();
3378
3379 if( $param->{targetstorage}) {
3380 PVE::Storage::storage_check_node($storecfg, $param->{targetstorage}, $target);
3381 } else {
3382 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
3383 }
3384
3385 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
3386
3387 my $hacmd = sub {
3388 my $upid = shift;
3389
3390 print "Requesting HA migration for VM $vmid to node $target\n";
3391
3392 my $cmd = ['ha-manager', 'migrate', "vm:$vmid", $target];
3393 PVE::Tools::run_command($cmd);
3394 return;
3395 };
3396
3397 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
3398
3399 } else {
3400
3401 my $realcmd = sub {
3402 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
3403 };
3404
3405 my $worker = sub {
3406 return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
3407 };
3408
3409 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $worker);
3410 }
3411
3412 }});
3413
3414 __PACKAGE__->register_method({
3415 name => 'monitor',
3416 path => '{vmid}/monitor',
3417 method => 'POST',
3418 protected => 1,
3419 proxyto => 'node',
3420 description => "Execute Qemu monitor commands.",
3421 permissions => {
3422 description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
3423 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
3424 },
3425 parameters => {
3426 additionalProperties => 0,
3427 properties => {
3428 node => get_standard_option('pve-node'),
3429 vmid => get_standard_option('pve-vmid'),
3430 command => {
3431 type => 'string',
3432 description => "The monitor command.",
3433 }
3434 },
3435 },
3436 returns => { type => 'string'},
3437 code => sub {
3438 my ($param) = @_;
3439
3440 my $rpcenv = PVE::RPCEnvironment::get();
3441 my $authuser = $rpcenv->get_user();
3442
3443 my $is_ro = sub {
3444 my $command = shift;
3445 return $command =~ m/^\s*info(\s+|$)/
3446 || $command =~ m/^\s*help\s*$/;
3447 };
3448
3449 $rpcenv->check_full($authuser, "/", ['Sys.Modify'])
3450 if !&$is_ro($param->{command});
3451
3452 my $vmid = $param->{vmid};
3453
3454 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
3455
3456 my $res = '';
3457 eval {
3458 $res = PVE::QemuServer::Monitor::hmp_cmd($vmid, $param->{command});
3459 };
3460 $res = "ERROR: $@" if $@;
3461
3462 return $res;
3463 }});
3464
3465 __PACKAGE__->register_method({
3466 name => 'resize_vm',
3467 path => '{vmid}/resize',
3468 method => 'PUT',
3469 protected => 1,
3470 proxyto => 'node',
3471 description => "Extend volume size.",
3472 permissions => {
3473 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
3474 },
3475 parameters => {
3476 additionalProperties => 0,
3477 properties => {
3478 node => get_standard_option('pve-node'),
3479 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3480 skiplock => get_standard_option('skiplock'),
3481 disk => {
3482 type => 'string',
3483 description => "The disk you want to resize.",
3484 enum => [PVE::QemuServer::valid_drive_names()],
3485 },
3486 size => {
3487 type => 'string',
3488 pattern => '\+?\d+(\.\d+)?[KMGT]?',
3489 description => "The new size. With the `+` sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
3490 },
3491 digest => {
3492 type => 'string',
3493 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
3494 maxLength => 40,
3495 optional => 1,
3496 },
3497 },
3498 },
3499 returns => { type => 'null'},
3500 code => sub {
3501 my ($param) = @_;
3502
3503 my $rpcenv = PVE::RPCEnvironment::get();
3504
3505 my $authuser = $rpcenv->get_user();
3506
3507 my $node = extract_param($param, 'node');
3508
3509 my $vmid = extract_param($param, 'vmid');
3510
3511 my $digest = extract_param($param, 'digest');
3512
3513 my $disk = extract_param($param, 'disk');
3514
3515 my $sizestr = extract_param($param, 'size');
3516
3517 my $skiplock = extract_param($param, 'skiplock');
3518 raise_param_exc({ skiplock => "Only root may use this option." })
3519 if $skiplock && $authuser ne 'root@pam';
3520
3521 my $storecfg = PVE::Storage::config();
3522
3523 my $updatefn = sub {
3524
3525 my $conf = PVE::QemuConfig->load_config($vmid);
3526
3527 die "checksum missmatch (file change by other user?)\n"
3528 if $digest && $digest ne $conf->{digest};
3529 PVE::QemuConfig->check_lock($conf) if !$skiplock;
3530
3531 die "disk '$disk' does not exist\n" if !$conf->{$disk};
3532
3533 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
3534
3535 my (undef, undef, undef, undef, undef, undef, $format) =
3536 PVE::Storage::parse_volname($storecfg, $drive->{file});
3537
3538 die "can't resize volume: $disk if snapshot exists\n"
3539 if %{$conf->{snapshots}} && $format eq 'qcow2';
3540
3541 my $volid = $drive->{file};
3542
3543 die "disk '$disk' has no associated volume\n" if !$volid;
3544
3545 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
3546
3547 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
3548
3549 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
3550
3551 PVE::Storage::activate_volumes($storecfg, [$volid]);
3552 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
3553
3554 die "Could not determine current size of volume '$volid'\n" if !defined($size);
3555
3556 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
3557 my ($ext, $newsize, $unit) = ($1, $2, $4);
3558 if ($unit) {
3559 if ($unit eq 'K') {
3560 $newsize = $newsize * 1024;
3561 } elsif ($unit eq 'M') {
3562 $newsize = $newsize * 1024 * 1024;
3563 } elsif ($unit eq 'G') {
3564 $newsize = $newsize * 1024 * 1024 * 1024;
3565 } elsif ($unit eq 'T') {
3566 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
3567 }
3568 }
3569 $newsize += $size if $ext;
3570 $newsize = int($newsize);
3571
3572 die "shrinking disks is not supported\n" if $newsize < $size;
3573
3574 return if $size == $newsize;
3575
3576 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
3577
3578 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
3579
3580 $drive->{size} = $newsize;
3581 $conf->{$disk} = PVE::QemuServer::print_drive($drive);
3582
3583 PVE::QemuConfig->write_config($vmid, $conf);
3584 };
3585
3586 PVE::QemuConfig->lock_config($vmid, $updatefn);
3587 return undef;
3588 }});
3589
3590 __PACKAGE__->register_method({
3591 name => 'snapshot_list',
3592 path => '{vmid}/snapshot',
3593 method => 'GET',
3594 description => "List all snapshots.",
3595 permissions => {
3596 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
3597 },
3598 proxyto => 'node',
3599 protected => 1, # qemu pid files are only readable by root
3600 parameters => {
3601 additionalProperties => 0,
3602 properties => {
3603 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3604 node => get_standard_option('pve-node'),
3605 },
3606 },
3607 returns => {
3608 type => 'array',
3609 items => {
3610 type => "object",
3611 properties => {
3612 name => {
3613 description => "Snapshot identifier. Value 'current' identifies the current VM.",
3614 type => 'string',
3615 },
3616 vmstate => {
3617 description => "Snapshot includes RAM.",
3618 type => 'boolean',
3619 optional => 1,
3620 },
3621 description => {
3622 description => "Snapshot description.",
3623 type => 'string',
3624 },
3625 snaptime => {
3626 description => "Snapshot creation time",
3627 type => 'integer',
3628 renderer => 'timestamp',
3629 optional => 1,
3630 },
3631 parent => {
3632 description => "Parent snapshot identifier.",
3633 type => 'string',
3634 optional => 1,
3635 },
3636 },
3637 },
3638 links => [ { rel => 'child', href => "{name}" } ],
3639 },
3640 code => sub {
3641 my ($param) = @_;
3642
3643 my $vmid = $param->{vmid};
3644
3645 my $conf = PVE::QemuConfig->load_config($vmid);
3646 my $snaphash = $conf->{snapshots} || {};
3647
3648 my $res = [];
3649
3650 foreach my $name (keys %$snaphash) {
3651 my $d = $snaphash->{$name};
3652 my $item = {
3653 name => $name,
3654 snaptime => $d->{snaptime} || 0,
3655 vmstate => $d->{vmstate} ? 1 : 0,
3656 description => $d->{description} || '',
3657 };
3658 $item->{parent} = $d->{parent} if $d->{parent};
3659 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
3660 push @$res, $item;
3661 }
3662
3663 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
3664 my $current = {
3665 name => 'current',
3666 digest => $conf->{digest},
3667 running => $running,
3668 description => "You are here!",
3669 };
3670 $current->{parent} = $conf->{parent} if $conf->{parent};
3671
3672 push @$res, $current;
3673
3674 return $res;
3675 }});
3676
3677 __PACKAGE__->register_method({
3678 name => 'snapshot',
3679 path => '{vmid}/snapshot',
3680 method => 'POST',
3681 protected => 1,
3682 proxyto => 'node',
3683 description => "Snapshot a VM.",
3684 permissions => {
3685 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3686 },
3687 parameters => {
3688 additionalProperties => 0,
3689 properties => {
3690 node => get_standard_option('pve-node'),
3691 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3692 snapname => get_standard_option('pve-snapshot-name'),
3693 vmstate => {
3694 optional => 1,
3695 type => 'boolean',
3696 description => "Save the vmstate",
3697 },
3698 description => {
3699 optional => 1,
3700 type => 'string',
3701 description => "A textual description or comment.",
3702 },
3703 },
3704 },
3705 returns => {
3706 type => 'string',
3707 description => "the task ID.",
3708 },
3709 code => sub {
3710 my ($param) = @_;
3711
3712 my $rpcenv = PVE::RPCEnvironment::get();
3713
3714 my $authuser = $rpcenv->get_user();
3715
3716 my $node = extract_param($param, 'node');
3717
3718 my $vmid = extract_param($param, 'vmid');
3719
3720 my $snapname = extract_param($param, 'snapname');
3721
3722 die "unable to use snapshot name 'current' (reserved name)\n"
3723 if $snapname eq 'current';
3724
3725 die "unable to use snapshot name 'pending' (reserved name)\n"
3726 if lc($snapname) eq 'pending';
3727
3728 my $realcmd = sub {
3729 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
3730 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
3731 $param->{description});
3732 };
3733
3734 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
3735 }});
3736
3737 __PACKAGE__->register_method({
3738 name => 'snapshot_cmd_idx',
3739 path => '{vmid}/snapshot/{snapname}',
3740 description => '',
3741 method => 'GET',
3742 permissions => {
3743 user => 'all',
3744 },
3745 parameters => {
3746 additionalProperties => 0,
3747 properties => {
3748 vmid => get_standard_option('pve-vmid'),
3749 node => get_standard_option('pve-node'),
3750 snapname => get_standard_option('pve-snapshot-name'),
3751 },
3752 },
3753 returns => {
3754 type => 'array',
3755 items => {
3756 type => "object",
3757 properties => {},
3758 },
3759 links => [ { rel => 'child', href => "{cmd}" } ],
3760 },
3761 code => sub {
3762 my ($param) = @_;
3763
3764 my $res = [];
3765
3766 push @$res, { cmd => 'rollback' };
3767 push @$res, { cmd => 'config' };
3768
3769 return $res;
3770 }});
3771
3772 __PACKAGE__->register_method({
3773 name => 'update_snapshot_config',
3774 path => '{vmid}/snapshot/{snapname}/config',
3775 method => 'PUT',
3776 protected => 1,
3777 proxyto => 'node',
3778 description => "Update snapshot metadata.",
3779 permissions => {
3780 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3781 },
3782 parameters => {
3783 additionalProperties => 0,
3784 properties => {
3785 node => get_standard_option('pve-node'),
3786 vmid => get_standard_option('pve-vmid'),
3787 snapname => get_standard_option('pve-snapshot-name'),
3788 description => {
3789 optional => 1,
3790 type => 'string',
3791 description => "A textual description or comment.",
3792 },
3793 },
3794 },
3795 returns => { type => 'null' },
3796 code => sub {
3797 my ($param) = @_;
3798
3799 my $rpcenv = PVE::RPCEnvironment::get();
3800
3801 my $authuser = $rpcenv->get_user();
3802
3803 my $vmid = extract_param($param, 'vmid');
3804
3805 my $snapname = extract_param($param, 'snapname');
3806
3807 return undef if !defined($param->{description});
3808
3809 my $updatefn = sub {
3810
3811 my $conf = PVE::QemuConfig->load_config($vmid);
3812
3813 PVE::QemuConfig->check_lock($conf);
3814
3815 my $snap = $conf->{snapshots}->{$snapname};
3816
3817 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3818
3819 $snap->{description} = $param->{description} if defined($param->{description});
3820
3821 PVE::QemuConfig->write_config($vmid, $conf);
3822 };
3823
3824 PVE::QemuConfig->lock_config($vmid, $updatefn);
3825
3826 return undef;
3827 }});
3828
3829 __PACKAGE__->register_method({
3830 name => 'get_snapshot_config',
3831 path => '{vmid}/snapshot/{snapname}/config',
3832 method => 'GET',
3833 proxyto => 'node',
3834 description => "Get snapshot configuration",
3835 permissions => {
3836 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
3837 },
3838 parameters => {
3839 additionalProperties => 0,
3840 properties => {
3841 node => get_standard_option('pve-node'),
3842 vmid => get_standard_option('pve-vmid'),
3843 snapname => get_standard_option('pve-snapshot-name'),
3844 },
3845 },
3846 returns => { type => "object" },
3847 code => sub {
3848 my ($param) = @_;
3849
3850 my $rpcenv = PVE::RPCEnvironment::get();
3851
3852 my $authuser = $rpcenv->get_user();
3853
3854 my $vmid = extract_param($param, 'vmid');
3855
3856 my $snapname = extract_param($param, 'snapname');
3857
3858 my $conf = PVE::QemuConfig->load_config($vmid);
3859
3860 my $snap = $conf->{snapshots}->{$snapname};
3861
3862 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3863
3864 return $snap;
3865 }});
3866
3867 __PACKAGE__->register_method({
3868 name => 'rollback',
3869 path => '{vmid}/snapshot/{snapname}/rollback',
3870 method => 'POST',
3871 protected => 1,
3872 proxyto => 'node',
3873 description => "Rollback VM state to specified snapshot.",
3874 permissions => {
3875 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot', 'VM.Snapshot.Rollback' ], any => 1],
3876 },
3877 parameters => {
3878 additionalProperties => 0,
3879 properties => {
3880 node => get_standard_option('pve-node'),
3881 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3882 snapname => get_standard_option('pve-snapshot-name'),
3883 },
3884 },
3885 returns => {
3886 type => 'string',
3887 description => "the task ID.",
3888 },
3889 code => sub {
3890 my ($param) = @_;
3891
3892 my $rpcenv = PVE::RPCEnvironment::get();
3893
3894 my $authuser = $rpcenv->get_user();
3895
3896 my $node = extract_param($param, 'node');
3897
3898 my $vmid = extract_param($param, 'vmid');
3899
3900 my $snapname = extract_param($param, 'snapname');
3901
3902 my $realcmd = sub {
3903 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3904 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
3905 };
3906
3907 my $worker = sub {
3908 # hold migration lock, this makes sure that nobody create replication snapshots
3909 return PVE::GuestHelpers::guest_migration_lock($vmid, 10, $realcmd);
3910 };
3911
3912 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $worker);
3913 }});
3914
3915 __PACKAGE__->register_method({
3916 name => 'delsnapshot',
3917 path => '{vmid}/snapshot/{snapname}',
3918 method => 'DELETE',
3919 protected => 1,
3920 proxyto => 'node',
3921 description => "Delete a VM snapshot.",
3922 permissions => {
3923 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3924 },
3925 parameters => {
3926 additionalProperties => 0,
3927 properties => {
3928 node => get_standard_option('pve-node'),
3929 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3930 snapname => get_standard_option('pve-snapshot-name'),
3931 force => {
3932 optional => 1,
3933 type => 'boolean',
3934 description => "For removal from config file, even if removing disk snapshots fails.",
3935 },
3936 },
3937 },
3938 returns => {
3939 type => 'string',
3940 description => "the task ID.",
3941 },
3942 code => sub {
3943 my ($param) = @_;
3944
3945 my $rpcenv = PVE::RPCEnvironment::get();
3946
3947 my $authuser = $rpcenv->get_user();
3948
3949 my $node = extract_param($param, 'node');
3950
3951 my $vmid = extract_param($param, 'vmid');
3952
3953 my $snapname = extract_param($param, 'snapname');
3954
3955 my $realcmd = sub {
3956 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3957 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
3958 };
3959
3960 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3961 }});
3962
3963 __PACKAGE__->register_method({
3964 name => 'template',
3965 path => '{vmid}/template',
3966 method => 'POST',
3967 protected => 1,
3968 proxyto => 'node',
3969 description => "Create a Template.",
3970 permissions => {
3971 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3972 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3973 },
3974 parameters => {
3975 additionalProperties => 0,
3976 properties => {
3977 node => get_standard_option('pve-node'),
3978 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3979 disk => {
3980 optional => 1,
3981 type => 'string',
3982 description => "If you want to convert only 1 disk to base image.",
3983 enum => [PVE::QemuServer::valid_drive_names()],
3984 },
3985
3986 },
3987 },
3988 returns => { type => 'null'},
3989 code => sub {
3990 my ($param) = @_;
3991
3992 my $rpcenv = PVE::RPCEnvironment::get();
3993
3994 my $authuser = $rpcenv->get_user();
3995
3996 my $node = extract_param($param, 'node');
3997
3998 my $vmid = extract_param($param, 'vmid');
3999
4000 my $disk = extract_param($param, 'disk');
4001
4002 my $updatefn = sub {
4003
4004 my $conf = PVE::QemuConfig->load_config($vmid);
4005
4006 PVE::QemuConfig->check_lock($conf);
4007
4008 die "unable to create template, because VM contains snapshots\n"
4009 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
4010
4011 die "you can't convert a template to a template\n"
4012 if PVE::QemuConfig->is_template($conf) && !$disk;
4013
4014 die "you can't convert a VM to template if VM is running\n"
4015 if PVE::QemuServer::check_running($vmid);
4016
4017 my $realcmd = sub {
4018 PVE::QemuServer::template_create($vmid, $conf, $disk);
4019 };
4020
4021 $conf->{template} = 1;
4022 PVE::QemuConfig->write_config($vmid, $conf);
4023
4024 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
4025 };
4026
4027 PVE::QemuConfig->lock_config($vmid, $updatefn);
4028 return undef;
4029 }});
4030
4031 __PACKAGE__->register_method({
4032 name => 'cloudinit_generated_config_dump',
4033 path => '{vmid}/cloudinit/dump',
4034 method => 'GET',
4035 proxyto => 'node',
4036 description => "Get automatically generated cloudinit config.",
4037 permissions => {
4038 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
4039 },
4040 parameters => {
4041 additionalProperties => 0,
4042 properties => {
4043 node => get_standard_option('pve-node'),
4044 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
4045 type => {
4046 description => 'Config type.',
4047 type => 'string',
4048 enum => ['user', 'network', 'meta'],
4049 },
4050 },
4051 },
4052 returns => {
4053 type => 'string',
4054 },
4055 code => sub {
4056 my ($param) = @_;
4057
4058 my $conf = PVE::QemuConfig->load_config($param->{vmid});
4059
4060 return PVE::QemuServer::Cloudinit::dump_cloudinit_config($conf, $param->{vmid}, $param->{type});
4061 }});
4062
4063 1;
Virtual Machine Manager