]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
combine option 'format' with previous line (avoid emacs confusion)
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuConfig;
17 use PVE::QemuServer;
18 use PVE::QemuMigrate;
19 use PVE::RPCEnvironment;
20 use PVE::AccessControl;
21 use PVE::INotify;
22 use PVE::Network;
23 use PVE::Firewall;
24 use PVE::API2::Firewall::VM;
25 use PVE::HA::Env::PVE2;
26 use PVE::HA::Config;
27
28 use Data::Dumper; # fixme: remove
29
30 use base qw(PVE::RESTHandler);
31
32 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
33
34 my $resolve_cdrom_alias = sub {
35 my $param = shift;
36
37 if (my $value = $param->{cdrom}) {
38 $value .= ",media=cdrom" if $value !~ m/media=/;
39 $param->{ide2} = $value;
40 delete $param->{cdrom};
41 }
42 };
43
44 my $check_storage_access = sub {
45 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
46
47 PVE::QemuServer::foreach_drive($settings, sub {
48 my ($ds, $drive) = @_;
49
50 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
51
52 my $volid = $drive->{file};
53
54 if (!$volid || $volid eq 'none') {
55 # nothing to check
56 } elsif ($isCDROM && ($volid eq 'cdrom')) {
57 $rpcenv->check($authuser, "/", ['Sys.Console']);
58 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
59 my ($storeid, $size) = ($2 || $default_storage, $3);
60 die "no storage ID specified (and no default storage)\n" if !$storeid;
61 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
62 } else {
63 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
64 }
65 });
66 };
67
68 my $check_storage_access_clone = sub {
69 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
70
71 my $sharedvm = 1;
72
73 PVE::QemuServer::foreach_drive($conf, sub {
74 my ($ds, $drive) = @_;
75
76 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
77
78 my $volid = $drive->{file};
79
80 return if !$volid || $volid eq 'none';
81
82 if ($isCDROM) {
83 if ($volid eq 'cdrom') {
84 $rpcenv->check($authuser, "/", ['Sys.Console']);
85 } else {
86 # we simply allow access
87 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
88 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
89 $sharedvm = 0 if !$scfg->{shared};
90
91 }
92 } else {
93 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
94 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
95 $sharedvm = 0 if !$scfg->{shared};
96
97 $sid = $storage if $storage;
98 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
99 }
100 });
101
102 return $sharedvm;
103 };
104
105 # Note: $pool is only needed when creating a VM, because pool permissions
106 # are automatically inherited if VM already exists inside a pool.
107 my $create_disks = sub {
108 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
109
110 my $vollist = [];
111
112 my $res = {};
113 PVE::QemuServer::foreach_drive($settings, sub {
114 my ($ds, $disk) = @_;
115
116 my $volid = $disk->{file};
117
118 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
119 delete $disk->{size};
120 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
121 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
122 my ($storeid, $size) = ($2 || $default_storage, $3);
123 die "no storage ID specified (and no default storage)\n" if !$storeid;
124 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
125 my $fmt = $disk->{format} || $defformat;
126
127 my $volid;
128 if ($ds eq 'efidisk0') {
129 # handle efidisk
130 my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd';
131 die "uefi vars image not found\n" if ! -f $ovmfvars;
132 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
133 $fmt, undef, 128);
134 $disk->{file} = $volid;
135 $disk->{size} = 128*1024;
136 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
137 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
138 my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname);
139 my $path = PVE::Storage::path($storecfg, $volid);
140 my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-n', '-f', 'raw', '-O', $qemufmt];
141 push @$efidiskcmd, $ovmfvars;
142 push @$efidiskcmd, $path;
143
144 PVE::Storage::activate_volumes($storecfg, [$volid]);
145
146 eval { PVE::Tools::run_command($efidiskcmd); };
147 my $err = $@;
148 die "Copying of EFI Vars image failed: $err" if $err;
149 } else {
150 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
151 $fmt, undef, $size*1024*1024);
152 $disk->{file} = $volid;
153 $disk->{size} = $size*1024*1024*1024;
154 }
155 push @$vollist, $volid;
156 delete $disk->{format}; # no longer needed
157 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
158 } else {
159
160 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
161
162 my $volid_is_new = 1;
163
164 if ($conf->{$ds}) {
165 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
166 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
167 }
168
169 if ($volid_is_new) {
170
171 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
172
173 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
174
175 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
176
177 die "volume $volid does not exists\n" if !$size;
178
179 $disk->{size} = $size;
180 }
181
182 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
183 }
184 });
185
186 # free allocated images on error
187 if (my $err = $@) {
188 syslog('err', "VM $vmid creating disks failed");
189 foreach my $volid (@$vollist) {
190 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
191 warn $@ if $@;
192 }
193 die $err;
194 }
195
196 # modify vm config if everything went well
197 foreach my $ds (keys %$res) {
198 $conf->{$ds} = $res->{$ds};
199 }
200
201 return $vollist;
202 };
203
204 my $cpuoptions = {
205 'cores' => 1,
206 'cpu' => 1,
207 'cpulimit' => 1,
208 'cpuunits' => 1,
209 'numa' => 1,
210 'smp' => 1,
211 'sockets' => 1,
212 'vcpus' => 1,
213 };
214
215 my $memoryoptions = {
216 'memory' => 1,
217 'balloon' => 1,
218 'shares' => 1,
219 };
220
221 my $hwtypeoptions = {
222 'acpi' => 1,
223 'hotplug' => 1,
224 'kvm' => 1,
225 'machine' => 1,
226 'scsihw' => 1,
227 'smbios1' => 1,
228 'tablet' => 1,
229 'vga' => 1,
230 'watchdog' => 1,
231 };
232
233 my $generaloptions = {
234 'agent' => 1,
235 'autostart' => 1,
236 'bios' => 1,
237 'description' => 1,
238 'keyboard' => 1,
239 'localtime' => 1,
240 'migrate_downtime' => 1,
241 'migrate_speed' => 1,
242 'name' => 1,
243 'onboot' => 1,
244 'ostype' => 1,
245 'protection' => 1,
246 'reboot' => 1,
247 'startdate' => 1,
248 'startup' => 1,
249 'tdf' => 1,
250 'template' => 1,
251 };
252
253 my $vmpoweroptions = {
254 'freeze' => 1,
255 };
256
257 my $diskoptions = {
258 'boot' => 1,
259 'bootdisk' => 1,
260 };
261
262 my $check_vm_modify_config_perm = sub {
263 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
264
265 return 1 if $authuser eq 'root@pam';
266
267 foreach my $opt (@$key_list) {
268 # disk checks need to be done somewhere else
269 next if PVE::QemuServer::is_valid_drivename($opt);
270 next if $opt eq 'cdrom';
271 next if $opt =~ m/^unused\d+$/;
272
273 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
274 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
275 } elsif ($memoryoptions->{$opt}) {
276 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
277 } elsif ($hwtypeoptions->{$opt}) {
278 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
279 } elsif ($generaloptions->{$opt}) {
280 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
281 # special case for startup since it changes host behaviour
282 if ($opt eq 'startup') {
283 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
284 }
285 } elsif ($vmpoweroptions->{$opt}) {
286 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
287 } elsif ($diskoptions->{$opt}) {
288 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
289 } elsif ($opt =~ m/^net\d+$/) {
290 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
291 } else {
292 # catches usb\d+, hostpci\d+, args, lock, etc.
293 # new options will be checked here
294 die "only root can set '$opt' config\n";
295 }
296 }
297
298 return 1;
299 };
300
301 __PACKAGE__->register_method({
302 name => 'vmlist',
303 path => '',
304 method => 'GET',
305 description => "Virtual machine index (per node).",
306 permissions => {
307 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
308 user => 'all',
309 },
310 proxyto => 'node',
311 protected => 1, # qemu pid files are only readable by root
312 parameters => {
313 additionalProperties => 0,
314 properties => {
315 node => get_standard_option('pve-node'),
316 full => {
317 type => 'boolean',
318 optional => 1,
319 description => "Determine the full status of active VMs.",
320 },
321 },
322 },
323 returns => {
324 type => 'array',
325 items => {
326 type => "object",
327 properties => {},
328 },
329 links => [ { rel => 'child', href => "{vmid}" } ],
330 },
331 code => sub {
332 my ($param) = @_;
333
334 my $rpcenv = PVE::RPCEnvironment::get();
335 my $authuser = $rpcenv->get_user();
336
337 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
338
339 my $res = [];
340 foreach my $vmid (keys %$vmstatus) {
341 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
342
343 my $data = $vmstatus->{$vmid};
344 $data->{vmid} = int($vmid);
345 push @$res, $data;
346 }
347
348 return $res;
349 }});
350
351
352
353 __PACKAGE__->register_method({
354 name => 'create_vm',
355 path => '',
356 method => 'POST',
357 description => "Create or restore a virtual machine.",
358 permissions => {
359 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
360 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
361 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
362 user => 'all', # check inside
363 },
364 protected => 1,
365 proxyto => 'node',
366 parameters => {
367 additionalProperties => 0,
368 properties => PVE::QemuServer::json_config_properties(
369 {
370 node => get_standard_option('pve-node'),
371 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
372 archive => {
373 description => "The backup file.",
374 type => 'string',
375 optional => 1,
376 maxLength => 255,
377 completion => \&PVE::QemuServer::complete_backup_archives,
378 },
379 storage => get_standard_option('pve-storage-id', {
380 description => "Default storage.",
381 optional => 1,
382 completion => \&PVE::QemuServer::complete_storage,
383 }),
384 force => {
385 optional => 1,
386 type => 'boolean',
387 description => "Allow to overwrite existing VM.",
388 requires => 'archive',
389 },
390 unique => {
391 optional => 1,
392 type => 'boolean',
393 description => "Assign a unique random ethernet address.",
394 requires => 'archive',
395 },
396 pool => {
397 optional => 1,
398 type => 'string', format => 'pve-poolid',
399 description => "Add the VM to the specified pool.",
400 },
401 }),
402 },
403 returns => {
404 type => 'string',
405 },
406 code => sub {
407 my ($param) = @_;
408
409 my $rpcenv = PVE::RPCEnvironment::get();
410
411 my $authuser = $rpcenv->get_user();
412
413 my $node = extract_param($param, 'node');
414
415 my $vmid = extract_param($param, 'vmid');
416
417 my $archive = extract_param($param, 'archive');
418
419 my $storage = extract_param($param, 'storage');
420
421 my $force = extract_param($param, 'force');
422
423 my $unique = extract_param($param, 'unique');
424
425 my $pool = extract_param($param, 'pool');
426
427 my $filename = PVE::QemuConfig->config_file($vmid);
428
429 my $storecfg = PVE::Storage::config();
430
431 PVE::Cluster::check_cfs_quorum();
432
433 if (defined($pool)) {
434 $rpcenv->check_pool_exist($pool);
435 }
436
437 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
438 if defined($storage);
439
440 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
441 # OK
442 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
443 # OK
444 } elsif ($archive && $force && (-f $filename) &&
445 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
446 # OK: user has VM.Backup permissions, and want to restore an existing VM
447 } else {
448 raise_perm_exc();
449 }
450
451 if (!$archive) {
452 &$resolve_cdrom_alias($param);
453
454 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
455
456 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
457
458 foreach my $opt (keys %$param) {
459 if (PVE::QemuServer::is_valid_drivename($opt)) {
460 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
461 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
462
463 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
464 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
465 }
466 }
467
468 PVE::QemuServer::add_random_macs($param);
469 } else {
470 my $keystr = join(' ', keys %$param);
471 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
472
473 if ($archive eq '-') {
474 die "pipe requires cli environment\n"
475 if $rpcenv->{type} ne 'cli';
476 } else {
477 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
478 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
479 }
480 }
481
482 my $restorefn = sub {
483 my $vmlist = PVE::Cluster::get_vmlist();
484 if ($vmlist->{ids}->{$vmid}) {
485 my $current_node = $vmlist->{ids}->{$vmid}->{node};
486 if ($current_node eq $node) {
487 my $conf = PVE::QemuConfig->load_config($vmid);
488
489 PVE::QemuConfig->check_protection($conf, "unable to restore VM $vmid");
490
491 die "unable to restore vm $vmid - config file already exists\n"
492 if !$force;
493
494 die "unable to restore vm $vmid - vm is running\n"
495 if PVE::QemuServer::check_running($vmid);
496
497 die "unable to restore vm $vmid - vm is a template\n"
498 if PVE::QemuConfig->is_template($conf);
499
500 } else {
501 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
502 }
503 }
504
505 my $realcmd = sub {
506 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
507 storage => $storage,
508 pool => $pool,
509 unique => $unique });
510
511 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
512 };
513
514 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
515 };
516
517 my $createfn = sub {
518
519 # test after locking
520 PVE::Cluster::check_vmid_unused($vmid);
521
522 my $realcmd = sub {
523
524 my $vollist = [];
525
526 my $conf = $param;
527
528 eval {
529
530 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
531
532 # try to be smart about bootdisk
533 my @disks = PVE::QemuServer::valid_drive_names();
534 my $firstdisk;
535 foreach my $ds (reverse @disks) {
536 next if !$conf->{$ds};
537 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
538 next if PVE::QemuServer::drive_is_cdrom($disk);
539 $firstdisk = $ds;
540 }
541
542 if (!$conf->{bootdisk} && $firstdisk) {
543 $conf->{bootdisk} = $firstdisk;
544 }
545
546 # auto generate uuid if user did not specify smbios1 option
547 if (!$conf->{smbios1}) {
548 my ($uuid, $uuid_str);
549 UUID::generate($uuid);
550 UUID::unparse($uuid, $uuid_str);
551 $conf->{smbios1} = "uuid=$uuid_str";
552 }
553
554 PVE::QemuConfig->write_config($vmid, $conf);
555
556 };
557 my $err = $@;
558
559 if ($err) {
560 foreach my $volid (@$vollist) {
561 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
562 warn $@ if $@;
563 }
564 die "create failed - $err";
565 }
566
567 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
568 };
569
570 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
571 };
572
573 return PVE::QemuConfig->lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
574 }});
575
576 __PACKAGE__->register_method({
577 name => 'vmdiridx',
578 path => '{vmid}',
579 method => 'GET',
580 proxyto => 'node',
581 description => "Directory index",
582 permissions => {
583 user => 'all',
584 },
585 parameters => {
586 additionalProperties => 0,
587 properties => {
588 node => get_standard_option('pve-node'),
589 vmid => get_standard_option('pve-vmid'),
590 },
591 },
592 returns => {
593 type => 'array',
594 items => {
595 type => "object",
596 properties => {
597 subdir => { type => 'string' },
598 },
599 },
600 links => [ { rel => 'child', href => "{subdir}" } ],
601 },
602 code => sub {
603 my ($param) = @_;
604
605 my $res = [
606 { subdir => 'config' },
607 { subdir => 'pending' },
608 { subdir => 'status' },
609 { subdir => 'unlink' },
610 { subdir => 'vncproxy' },
611 { subdir => 'migrate' },
612 { subdir => 'resize' },
613 { subdir => 'move' },
614 { subdir => 'rrd' },
615 { subdir => 'rrddata' },
616 { subdir => 'monitor' },
617 { subdir => 'snapshot' },
618 { subdir => 'spiceproxy' },
619 { subdir => 'sendkey' },
620 { subdir => 'firewall' },
621 ];
622
623 return $res;
624 }});
625
626 __PACKAGE__->register_method ({
627 subclass => "PVE::API2::Firewall::VM",
628 path => '{vmid}/firewall',
629 });
630
631 __PACKAGE__->register_method({
632 name => 'rrd',
633 path => '{vmid}/rrd',
634 method => 'GET',
635 protected => 1, # fixme: can we avoid that?
636 permissions => {
637 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
638 },
639 description => "Read VM RRD statistics (returns PNG)",
640 parameters => {
641 additionalProperties => 0,
642 properties => {
643 node => get_standard_option('pve-node'),
644 vmid => get_standard_option('pve-vmid'),
645 timeframe => {
646 description => "Specify the time frame you are interested in.",
647 type => 'string',
648 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
649 },
650 ds => {
651 description => "The list of datasources you want to display.",
652 type => 'string', format => 'pve-configid-list',
653 },
654 cf => {
655 description => "The RRD consolidation function",
656 type => 'string',
657 enum => [ 'AVERAGE', 'MAX' ],
658 optional => 1,
659 },
660 },
661 },
662 returns => {
663 type => "object",
664 properties => {
665 filename => { type => 'string' },
666 },
667 },
668 code => sub {
669 my ($param) = @_;
670
671 return PVE::Cluster::create_rrd_graph(
672 "pve2-vm/$param->{vmid}", $param->{timeframe},
673 $param->{ds}, $param->{cf});
674
675 }});
676
677 __PACKAGE__->register_method({
678 name => 'rrddata',
679 path => '{vmid}/rrddata',
680 method => 'GET',
681 protected => 1, # fixme: can we avoid that?
682 permissions => {
683 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
684 },
685 description => "Read VM RRD statistics",
686 parameters => {
687 additionalProperties => 0,
688 properties => {
689 node => get_standard_option('pve-node'),
690 vmid => get_standard_option('pve-vmid'),
691 timeframe => {
692 description => "Specify the time frame you are interested in.",
693 type => 'string',
694 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
695 },
696 cf => {
697 description => "The RRD consolidation function",
698 type => 'string',
699 enum => [ 'AVERAGE', 'MAX' ],
700 optional => 1,
701 },
702 },
703 },
704 returns => {
705 type => "array",
706 items => {
707 type => "object",
708 properties => {},
709 },
710 },
711 code => sub {
712 my ($param) = @_;
713
714 return PVE::Cluster::create_rrd_data(
715 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
716 }});
717
718
719 __PACKAGE__->register_method({
720 name => 'vm_config',
721 path => '{vmid}/config',
722 method => 'GET',
723 proxyto => 'node',
724 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
725 permissions => {
726 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
727 },
728 parameters => {
729 additionalProperties => 0,
730 properties => {
731 node => get_standard_option('pve-node'),
732 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
733 current => {
734 description => "Get current values (instead of pending values).",
735 optional => 1,
736 default => 0,
737 type => 'boolean',
738 },
739 },
740 },
741 returns => {
742 type => "object",
743 properties => {
744 digest => {
745 type => 'string',
746 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
747 }
748 },
749 },
750 code => sub {
751 my ($param) = @_;
752
753 my $conf = PVE::QemuConfig->load_config($param->{vmid});
754
755 delete $conf->{snapshots};
756
757 if (!$param->{current}) {
758 foreach my $opt (keys %{$conf->{pending}}) {
759 next if $opt eq 'delete';
760 my $value = $conf->{pending}->{$opt};
761 next if ref($value); # just to be sure
762 $conf->{$opt} = $value;
763 }
764 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
765 foreach my $opt (keys %$pending_delete_hash) {
766 delete $conf->{$opt} if $conf->{$opt};
767 }
768 }
769
770 delete $conf->{pending};
771
772 return $conf;
773 }});
774
775 __PACKAGE__->register_method({
776 name => 'vm_pending',
777 path => '{vmid}/pending',
778 method => 'GET',
779 proxyto => 'node',
780 description => "Get virtual machine configuration, including pending changes.",
781 permissions => {
782 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
783 },
784 parameters => {
785 additionalProperties => 0,
786 properties => {
787 node => get_standard_option('pve-node'),
788 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
789 },
790 },
791 returns => {
792 type => "array",
793 items => {
794 type => "object",
795 properties => {
796 key => {
797 description => "Configuration option name.",
798 type => 'string',
799 },
800 value => {
801 description => "Current value.",
802 type => 'string',
803 optional => 1,
804 },
805 pending => {
806 description => "Pending value.",
807 type => 'string',
808 optional => 1,
809 },
810 delete => {
811 description => "Indicates a pending delete request if present and not 0. " .
812 "The value 2 indicates a force-delete request.",
813 type => 'integer',
814 minimum => 0,
815 maximum => 2,
816 optional => 1,
817 },
818 },
819 },
820 },
821 code => sub {
822 my ($param) = @_;
823
824 my $conf = PVE::QemuConfig->load_config($param->{vmid});
825
826 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
827
828 my $res = [];
829
830 foreach my $opt (keys %$conf) {
831 next if ref($conf->{$opt});
832 my $item = { key => $opt };
833 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
834 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
835 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
836 push @$res, $item;
837 }
838
839 foreach my $opt (keys %{$conf->{pending}}) {
840 next if $opt eq 'delete';
841 next if ref($conf->{pending}->{$opt}); # just to be sure
842 next if defined($conf->{$opt});
843 my $item = { key => $opt };
844 $item->{pending} = $conf->{pending}->{$opt};
845 push @$res, $item;
846 }
847
848 while (my ($opt, $force) = each %$pending_delete_hash) {
849 next if $conf->{pending}->{$opt}; # just to be sure
850 next if $conf->{$opt};
851 my $item = { key => $opt, delete => ($force ? 2 : 1)};
852 push @$res, $item;
853 }
854
855 return $res;
856 }});
857
858 # POST/PUT {vmid}/config implementation
859 #
860 # The original API used PUT (idempotent) an we assumed that all operations
861 # are fast. But it turned out that almost any configuration change can
862 # involve hot-plug actions, or disk alloc/free. Such actions can take long
863 # time to complete and have side effects (not idempotent).
864 #
865 # The new implementation uses POST and forks a worker process. We added
866 # a new option 'background_delay'. If specified we wait up to
867 # 'background_delay' second for the worker task to complete. It returns null
868 # if the task is finished within that time, else we return the UPID.
869
870 my $update_vm_api = sub {
871 my ($param, $sync) = @_;
872
873 my $rpcenv = PVE::RPCEnvironment::get();
874
875 my $authuser = $rpcenv->get_user();
876
877 my $node = extract_param($param, 'node');
878
879 my $vmid = extract_param($param, 'vmid');
880
881 my $digest = extract_param($param, 'digest');
882
883 my $background_delay = extract_param($param, 'background_delay');
884
885 my @paramarr = (); # used for log message
886 foreach my $key (keys %$param) {
887 push @paramarr, "-$key", $param->{$key};
888 }
889
890 my $skiplock = extract_param($param, 'skiplock');
891 raise_param_exc({ skiplock => "Only root may use this option." })
892 if $skiplock && $authuser ne 'root@pam';
893
894 my $delete_str = extract_param($param, 'delete');
895
896 my $revert_str = extract_param($param, 'revert');
897
898 my $force = extract_param($param, 'force');
899
900 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
901
902 my $storecfg = PVE::Storage::config();
903
904 my $defaults = PVE::QemuServer::load_defaults();
905
906 &$resolve_cdrom_alias($param);
907
908 # now try to verify all parameters
909
910 my $revert = {};
911 foreach my $opt (PVE::Tools::split_list($revert_str)) {
912 if (!PVE::QemuServer::option_exists($opt)) {
913 raise_param_exc({ revert => "unknown option '$opt'" });
914 }
915
916 raise_param_exc({ delete => "you can't use '-$opt' and " .
917 "-revert $opt' at the same time" })
918 if defined($param->{$opt});
919
920 $revert->{$opt} = 1;
921 }
922
923 my @delete = ();
924 foreach my $opt (PVE::Tools::split_list($delete_str)) {
925 $opt = 'ide2' if $opt eq 'cdrom';
926
927 raise_param_exc({ delete => "you can't use '-$opt' and " .
928 "-delete $opt' at the same time" })
929 if defined($param->{$opt});
930
931 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
932 "-revert $opt' at the same time" })
933 if $revert->{$opt};
934
935 if (!PVE::QemuServer::option_exists($opt)) {
936 raise_param_exc({ delete => "unknown option '$opt'" });
937 }
938
939 push @delete, $opt;
940 }
941
942 foreach my $opt (keys %$param) {
943 if (PVE::QemuServer::is_valid_drivename($opt)) {
944 # cleanup drive path
945 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
946 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
947 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
948 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
949 } elsif ($opt =~ m/^net(\d+)$/) {
950 # add macaddr
951 my $net = PVE::QemuServer::parse_net($param->{$opt});
952 $param->{$opt} = PVE::QemuServer::print_net($net);
953 }
954 }
955
956 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
957
958 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
959
960 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
961
962 my $updatefn = sub {
963
964 my $conf = PVE::QemuConfig->load_config($vmid);
965
966 die "checksum missmatch (file change by other user?)\n"
967 if $digest && $digest ne $conf->{digest};
968
969 PVE::QemuConfig->check_lock($conf) if !$skiplock;
970
971 foreach my $opt (keys %$revert) {
972 if (defined($conf->{$opt})) {
973 $param->{$opt} = $conf->{$opt};
974 } elsif (defined($conf->{pending}->{$opt})) {
975 push @delete, $opt;
976 }
977 }
978
979 if ($param->{memory} || defined($param->{balloon})) {
980 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
981 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
982
983 die "balloon value too large (must be smaller than assigned memory)\n"
984 if $balloon && $balloon > $maxmem;
985 }
986
987 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
988
989 my $worker = sub {
990
991 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
992
993 # write updates to pending section
994
995 my $modified = {}; # record what $option we modify
996
997 foreach my $opt (@delete) {
998 $modified->{$opt} = 1;
999 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1000 if ($opt =~ m/^unused/) {
1001 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
1002 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
1003 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1004 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
1005 delete $conf->{$opt};
1006 PVE::QemuConfig->write_config($vmid, $conf);
1007 }
1008 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1009 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
1010 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1011 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1012 if defined($conf->{pending}->{$opt});
1013 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1014 PVE::QemuConfig->write_config($vmid, $conf);
1015 } else {
1016 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1017 PVE::QemuConfig->write_config($vmid, $conf);
1018 }
1019 }
1020
1021 foreach my $opt (keys %$param) { # add/change
1022 $modified->{$opt} = 1;
1023 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1024 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1025
1026 if (PVE::QemuServer::is_valid_drivename($opt)) {
1027 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1028 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1029 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1030 } else {
1031 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1032 }
1033 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1034 if defined($conf->{pending}->{$opt});
1035
1036 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1037 } else {
1038 $conf->{pending}->{$opt} = $param->{$opt};
1039 }
1040 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
1041 PVE::QemuConfig->write_config($vmid, $conf);
1042 }
1043
1044 # remove pending changes when nothing changed
1045 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1046 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
1047 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
1048
1049 return if !scalar(keys %{$conf->{pending}});
1050
1051 my $running = PVE::QemuServer::check_running($vmid);
1052
1053 # apply pending changes
1054
1055 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1056
1057 if ($running) {
1058 my $errors = {};
1059 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1060 raise_param_exc($errors) if scalar(keys %$errors);
1061 } else {
1062 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1063 }
1064
1065 return;
1066 };
1067
1068 if ($sync) {
1069 &$worker();
1070 return undef;
1071 } else {
1072 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1073
1074 if ($background_delay) {
1075
1076 # Note: It would be better to do that in the Event based HTTPServer
1077 # to avoid blocking call to sleep.
1078
1079 my $end_time = time() + $background_delay;
1080
1081 my $task = PVE::Tools::upid_decode($upid);
1082
1083 my $running = 1;
1084 while (time() < $end_time) {
1085 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1086 last if !$running;
1087 sleep(1); # this gets interrupted when child process ends
1088 }
1089
1090 if (!$running) {
1091 my $status = PVE::Tools::upid_read_status($upid);
1092 return undef if $status eq 'OK';
1093 die $status;
1094 }
1095 }
1096
1097 return $upid;
1098 }
1099 };
1100
1101 return PVE::QemuConfig->lock_config($vmid, $updatefn);
1102 };
1103
1104 my $vm_config_perm_list = [
1105 'VM.Config.Disk',
1106 'VM.Config.CDROM',
1107 'VM.Config.CPU',
1108 'VM.Config.Memory',
1109 'VM.Config.Network',
1110 'VM.Config.HWType',
1111 'VM.Config.Options',
1112 ];
1113
1114 __PACKAGE__->register_method({
1115 name => 'update_vm_async',
1116 path => '{vmid}/config',
1117 method => 'POST',
1118 protected => 1,
1119 proxyto => 'node',
1120 description => "Set virtual machine options (asynchrounous API).",
1121 permissions => {
1122 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1123 },
1124 parameters => {
1125 additionalProperties => 0,
1126 properties => PVE::QemuServer::json_config_properties(
1127 {
1128 node => get_standard_option('pve-node'),
1129 vmid => get_standard_option('pve-vmid'),
1130 skiplock => get_standard_option('skiplock'),
1131 delete => {
1132 type => 'string', format => 'pve-configid-list',
1133 description => "A list of settings you want to delete.",
1134 optional => 1,
1135 },
1136 revert => {
1137 type => 'string', format => 'pve-configid-list',
1138 description => "Revert a pending change.",
1139 optional => 1,
1140 },
1141 force => {
1142 type => 'boolean',
1143 description => $opt_force_description,
1144 optional => 1,
1145 requires => 'delete',
1146 },
1147 digest => {
1148 type => 'string',
1149 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1150 maxLength => 40,
1151 optional => 1,
1152 },
1153 background_delay => {
1154 type => 'integer',
1155 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1156 minimum => 1,
1157 maximum => 30,
1158 optional => 1,
1159 },
1160 }),
1161 },
1162 returns => {
1163 type => 'string',
1164 optional => 1,
1165 },
1166 code => $update_vm_api,
1167 });
1168
1169 __PACKAGE__->register_method({
1170 name => 'update_vm',
1171 path => '{vmid}/config',
1172 method => 'PUT',
1173 protected => 1,
1174 proxyto => 'node',
1175 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1176 permissions => {
1177 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1178 },
1179 parameters => {
1180 additionalProperties => 0,
1181 properties => PVE::QemuServer::json_config_properties(
1182 {
1183 node => get_standard_option('pve-node'),
1184 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1185 skiplock => get_standard_option('skiplock'),
1186 delete => {
1187 type => 'string', format => 'pve-configid-list',
1188 description => "A list of settings you want to delete.",
1189 optional => 1,
1190 },
1191 revert => {
1192 type => 'string', format => 'pve-configid-list',
1193 description => "Revert a pending change.",
1194 optional => 1,
1195 },
1196 force => {
1197 type => 'boolean',
1198 description => $opt_force_description,
1199 optional => 1,
1200 requires => 'delete',
1201 },
1202 digest => {
1203 type => 'string',
1204 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1205 maxLength => 40,
1206 optional => 1,
1207 },
1208 }),
1209 },
1210 returns => { type => 'null' },
1211 code => sub {
1212 my ($param) = @_;
1213 &$update_vm_api($param, 1);
1214 return undef;
1215 }
1216 });
1217
1218
1219 __PACKAGE__->register_method({
1220 name => 'destroy_vm',
1221 path => '{vmid}',
1222 method => 'DELETE',
1223 protected => 1,
1224 proxyto => 'node',
1225 description => "Destroy the vm (also delete all used/owned volumes).",
1226 permissions => {
1227 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1228 },
1229 parameters => {
1230 additionalProperties => 0,
1231 properties => {
1232 node => get_standard_option('pve-node'),
1233 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1234 skiplock => get_standard_option('skiplock'),
1235 },
1236 },
1237 returns => {
1238 type => 'string',
1239 },
1240 code => sub {
1241 my ($param) = @_;
1242
1243 my $rpcenv = PVE::RPCEnvironment::get();
1244
1245 my $authuser = $rpcenv->get_user();
1246
1247 my $vmid = $param->{vmid};
1248
1249 my $skiplock = $param->{skiplock};
1250 raise_param_exc({ skiplock => "Only root may use this option." })
1251 if $skiplock && $authuser ne 'root@pam';
1252
1253 # test if VM exists
1254 my $conf = PVE::QemuConfig->load_config($vmid);
1255
1256 my $storecfg = PVE::Storage::config();
1257
1258 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
1259
1260 die "unable to remove VM $vmid - used in HA resources\n"
1261 if PVE::HA::Config::vm_is_ha_managed($vmid);
1262
1263 # early tests (repeat after locking)
1264 die "VM $vmid is running - destroy failed\n"
1265 if PVE::QemuServer::check_running($vmid);
1266
1267 my $realcmd = sub {
1268 my $upid = shift;
1269
1270 syslog('info', "destroy VM $vmid: $upid\n");
1271
1272 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1273
1274 PVE::AccessControl::remove_vm_access($vmid);
1275
1276 PVE::Firewall::remove_vmfw_conf($vmid);
1277 };
1278
1279 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1280 }});
1281
1282 __PACKAGE__->register_method({
1283 name => 'unlink',
1284 path => '{vmid}/unlink',
1285 method => 'PUT',
1286 protected => 1,
1287 proxyto => 'node',
1288 description => "Unlink/delete disk images.",
1289 permissions => {
1290 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1291 },
1292 parameters => {
1293 additionalProperties => 0,
1294 properties => {
1295 node => get_standard_option('pve-node'),
1296 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1297 idlist => {
1298 type => 'string', format => 'pve-configid-list',
1299 description => "A list of disk IDs you want to delete.",
1300 },
1301 force => {
1302 type => 'boolean',
1303 description => $opt_force_description,
1304 optional => 1,
1305 },
1306 },
1307 },
1308 returns => { type => 'null'},
1309 code => sub {
1310 my ($param) = @_;
1311
1312 $param->{delete} = extract_param($param, 'idlist');
1313
1314 __PACKAGE__->update_vm($param);
1315
1316 return undef;
1317 }});
1318
1319 my $sslcert;
1320
1321 __PACKAGE__->register_method({
1322 name => 'vncproxy',
1323 path => '{vmid}/vncproxy',
1324 method => 'POST',
1325 protected => 1,
1326 permissions => {
1327 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1328 },
1329 description => "Creates a TCP VNC proxy connections.",
1330 parameters => {
1331 additionalProperties => 0,
1332 properties => {
1333 node => get_standard_option('pve-node'),
1334 vmid => get_standard_option('pve-vmid'),
1335 websocket => {
1336 optional => 1,
1337 type => 'boolean',
1338 description => "starts websockify instead of vncproxy",
1339 },
1340 },
1341 },
1342 returns => {
1343 additionalProperties => 0,
1344 properties => {
1345 user => { type => 'string' },
1346 ticket => { type => 'string' },
1347 cert => { type => 'string' },
1348 port => { type => 'integer' },
1349 upid => { type => 'string' },
1350 },
1351 },
1352 code => sub {
1353 my ($param) = @_;
1354
1355 my $rpcenv = PVE::RPCEnvironment::get();
1356
1357 my $authuser = $rpcenv->get_user();
1358
1359 my $vmid = $param->{vmid};
1360 my $node = $param->{node};
1361 my $websocket = $param->{websocket};
1362
1363 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1364
1365 my $authpath = "/vms/$vmid";
1366
1367 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1368
1369 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1370 if !$sslcert;
1371
1372 my ($remip, $family);
1373 my $remcmd = [];
1374
1375 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1376 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
1377 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1378 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1379 } else {
1380 $family = PVE::Tools::get_host_address_family($node);
1381 }
1382
1383 my $port = PVE::Tools::next_vnc_port($family);
1384
1385 my $timeout = 10;
1386
1387 my $realcmd = sub {
1388 my $upid = shift;
1389
1390 syslog('info', "starting vnc proxy $upid\n");
1391
1392 my $cmd;
1393
1394 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1395
1396 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1397
1398 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1399 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1400 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1401 '-timeout', $timeout, '-authpath', $authpath,
1402 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1403 } else {
1404
1405 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1406
1407 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1408
1409 my $qmstr = join(' ', @$qmcmd);
1410
1411 # also redirect stderr (else we get RFB protocol errors)
1412 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1413 }
1414
1415 PVE::Tools::run_command($cmd);
1416
1417 return;
1418 };
1419
1420 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1421
1422 PVE::Tools::wait_for_vnc_port($port);
1423
1424 return {
1425 user => $authuser,
1426 ticket => $ticket,
1427 port => $port,
1428 upid => $upid,
1429 cert => $sslcert,
1430 };
1431 }});
1432
1433 __PACKAGE__->register_method({
1434 name => 'vncwebsocket',
1435 path => '{vmid}/vncwebsocket',
1436 method => 'GET',
1437 permissions => {
1438 description => "You also need to pass a valid ticket (vncticket).",
1439 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1440 },
1441 description => "Opens a weksocket for VNC traffic.",
1442 parameters => {
1443 additionalProperties => 0,
1444 properties => {
1445 node => get_standard_option('pve-node'),
1446 vmid => get_standard_option('pve-vmid'),
1447 vncticket => {
1448 description => "Ticket from previous call to vncproxy.",
1449 type => 'string',
1450 maxLength => 512,
1451 },
1452 port => {
1453 description => "Port number returned by previous vncproxy call.",
1454 type => 'integer',
1455 minimum => 5900,
1456 maximum => 5999,
1457 },
1458 },
1459 },
1460 returns => {
1461 type => "object",
1462 properties => {
1463 port => { type => 'string' },
1464 },
1465 },
1466 code => sub {
1467 my ($param) = @_;
1468
1469 my $rpcenv = PVE::RPCEnvironment::get();
1470
1471 my $authuser = $rpcenv->get_user();
1472
1473 my $vmid = $param->{vmid};
1474 my $node = $param->{node};
1475
1476 my $authpath = "/vms/$vmid";
1477
1478 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1479
1480 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
1481
1482 # Note: VNC ports are acessible from outside, so we do not gain any
1483 # security if we verify that $param->{port} belongs to VM $vmid. This
1484 # check is done by verifying the VNC ticket (inside VNC protocol).
1485
1486 my $port = $param->{port};
1487
1488 return { port => $port };
1489 }});
1490
1491 __PACKAGE__->register_method({
1492 name => 'spiceproxy',
1493 path => '{vmid}/spiceproxy',
1494 method => 'POST',
1495 protected => 1,
1496 proxyto => 'node',
1497 permissions => {
1498 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1499 },
1500 description => "Returns a SPICE configuration to connect to the VM.",
1501 parameters => {
1502 additionalProperties => 0,
1503 properties => {
1504 node => get_standard_option('pve-node'),
1505 vmid => get_standard_option('pve-vmid'),
1506 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1507 },
1508 },
1509 returns => get_standard_option('remote-viewer-config'),
1510 code => sub {
1511 my ($param) = @_;
1512
1513 my $rpcenv = PVE::RPCEnvironment::get();
1514
1515 my $authuser = $rpcenv->get_user();
1516
1517 my $vmid = $param->{vmid};
1518 my $node = $param->{node};
1519 my $proxy = $param->{proxy};
1520
1521 my $conf = PVE::QemuConfig->load_config($vmid, $node);
1522 my $title = "VM $vmid";
1523 $title .= " - ". $conf->{name} if $conf->{name};
1524
1525 my $port = PVE::QemuServer::spice_port($vmid);
1526
1527 my ($ticket, undef, $remote_viewer_config) =
1528 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1529
1530 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1531 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1532
1533 return $remote_viewer_config;
1534 }});
1535
1536 __PACKAGE__->register_method({
1537 name => 'vmcmdidx',
1538 path => '{vmid}/status',
1539 method => 'GET',
1540 proxyto => 'node',
1541 description => "Directory index",
1542 permissions => {
1543 user => 'all',
1544 },
1545 parameters => {
1546 additionalProperties => 0,
1547 properties => {
1548 node => get_standard_option('pve-node'),
1549 vmid => get_standard_option('pve-vmid'),
1550 },
1551 },
1552 returns => {
1553 type => 'array',
1554 items => {
1555 type => "object",
1556 properties => {
1557 subdir => { type => 'string' },
1558 },
1559 },
1560 links => [ { rel => 'child', href => "{subdir}" } ],
1561 },
1562 code => sub {
1563 my ($param) = @_;
1564
1565 # test if VM exists
1566 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1567
1568 my $res = [
1569 { subdir => 'current' },
1570 { subdir => 'start' },
1571 { subdir => 'stop' },
1572 ];
1573
1574 return $res;
1575 }});
1576
1577 __PACKAGE__->register_method({
1578 name => 'vm_status',
1579 path => '{vmid}/status/current',
1580 method => 'GET',
1581 proxyto => 'node',
1582 protected => 1, # qemu pid files are only readable by root
1583 description => "Get virtual machine status.",
1584 permissions => {
1585 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1586 },
1587 parameters => {
1588 additionalProperties => 0,
1589 properties => {
1590 node => get_standard_option('pve-node'),
1591 vmid => get_standard_option('pve-vmid'),
1592 },
1593 },
1594 returns => { type => 'object' },
1595 code => sub {
1596 my ($param) = @_;
1597
1598 # test if VM exists
1599 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1600
1601 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1602 my $status = $vmstatus->{$param->{vmid}};
1603
1604 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
1605
1606 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1607
1608 return $status;
1609 }});
1610
1611 __PACKAGE__->register_method({
1612 name => 'vm_start',
1613 path => '{vmid}/status/start',
1614 method => 'POST',
1615 protected => 1,
1616 proxyto => 'node',
1617 description => "Start virtual machine.",
1618 permissions => {
1619 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1620 },
1621 parameters => {
1622 additionalProperties => 0,
1623 properties => {
1624 node => get_standard_option('pve-node'),
1625 vmid => get_standard_option('pve-vmid',
1626 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1627 skiplock => get_standard_option('skiplock'),
1628 stateuri => get_standard_option('pve-qm-stateuri'),
1629 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1630 migration_type => {
1631 type => 'string',
1632 enum => ['secure', 'insecure'],
1633 description => "Migration traffic is encrypted using an SSH " .
1634 "tunnel by default. On secure, completely private networks " .
1635 "this can be disabled to increase performance.",
1636 optional => 1,
1637 },
1638 migration_network => {
1639 type => 'string', format => 'CIDR',
1640 description => "CIDR of the (sub) network that is used for migration.",
1641 optional => 1,
1642 },
1643 machine => get_standard_option('pve-qm-machine'),
1644 },
1645 },
1646 returns => {
1647 type => 'string',
1648 },
1649 code => sub {
1650 my ($param) = @_;
1651
1652 my $rpcenv = PVE::RPCEnvironment::get();
1653
1654 my $authuser = $rpcenv->get_user();
1655
1656 my $node = extract_param($param, 'node');
1657
1658 my $vmid = extract_param($param, 'vmid');
1659
1660 my $machine = extract_param($param, 'machine');
1661
1662 my $stateuri = extract_param($param, 'stateuri');
1663 raise_param_exc({ stateuri => "Only root may use this option." })
1664 if $stateuri && $authuser ne 'root@pam';
1665
1666 my $skiplock = extract_param($param, 'skiplock');
1667 raise_param_exc({ skiplock => "Only root may use this option." })
1668 if $skiplock && $authuser ne 'root@pam';
1669
1670 my $migratedfrom = extract_param($param, 'migratedfrom');
1671 raise_param_exc({ migratedfrom => "Only root may use this option." })
1672 if $migratedfrom && $authuser ne 'root@pam';
1673
1674 my $migration_type = extract_param($param, 'migration_type');
1675 raise_param_exc({ migration_type => "Only root may use this option." })
1676 if $migration_type && $authuser ne 'root@pam';
1677
1678 my $migration_network = extract_param($param, 'migration_network');
1679 raise_param_exc({ migration_network => "Only root may use this option." })
1680 if $migration_network && $authuser ne 'root@pam';
1681
1682 # read spice ticket from STDIN
1683 my $spice_ticket;
1684 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1685 if (defined(my $line = <>)) {
1686 chomp $line;
1687 $spice_ticket = $line;
1688 }
1689 }
1690
1691 PVE::Cluster::check_cfs_quorum();
1692
1693 my $storecfg = PVE::Storage::config();
1694
1695 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1696 $rpcenv->{type} ne 'ha') {
1697
1698 my $hacmd = sub {
1699 my $upid = shift;
1700
1701 my $service = "vm:$vmid";
1702
1703 my $cmd = ['ha-manager', 'set', $service, '--state', 'started'];
1704
1705 print "Executing HA start for VM $vmid\n";
1706
1707 PVE::Tools::run_command($cmd);
1708
1709 return;
1710 };
1711
1712 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1713
1714 } else {
1715
1716 my $realcmd = sub {
1717 my $upid = shift;
1718
1719 syslog('info', "start VM $vmid: $upid\n");
1720
1721 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1722 $machine, $spice_ticket, $migration_network, $migration_type);
1723
1724 return;
1725 };
1726
1727 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1728 }
1729 }});
1730
1731 __PACKAGE__->register_method({
1732 name => 'vm_stop',
1733 path => '{vmid}/status/stop',
1734 method => 'POST',
1735 protected => 1,
1736 proxyto => 'node',
1737 description => "Stop virtual machine. The qemu process will exit immediately. This" .
1738 "is akin to pulling the power plug of a running computer and may damage the VM data",
1739 permissions => {
1740 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1741 },
1742 parameters => {
1743 additionalProperties => 0,
1744 properties => {
1745 node => get_standard_option('pve-node'),
1746 vmid => get_standard_option('pve-vmid',
1747 { completion => \&PVE::QemuServer::complete_vmid_running }),
1748 skiplock => get_standard_option('skiplock'),
1749 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1750 timeout => {
1751 description => "Wait maximal timeout seconds.",
1752 type => 'integer',
1753 minimum => 0,
1754 optional => 1,
1755 },
1756 keepActive => {
1757 description => "Do not deactivate storage volumes.",
1758 type => 'boolean',
1759 optional => 1,
1760 default => 0,
1761 }
1762 },
1763 },
1764 returns => {
1765 type => 'string',
1766 },
1767 code => sub {
1768 my ($param) = @_;
1769
1770 my $rpcenv = PVE::RPCEnvironment::get();
1771
1772 my $authuser = $rpcenv->get_user();
1773
1774 my $node = extract_param($param, 'node');
1775
1776 my $vmid = extract_param($param, 'vmid');
1777
1778 my $skiplock = extract_param($param, 'skiplock');
1779 raise_param_exc({ skiplock => "Only root may use this option." })
1780 if $skiplock && $authuser ne 'root@pam';
1781
1782 my $keepActive = extract_param($param, 'keepActive');
1783 raise_param_exc({ keepActive => "Only root may use this option." })
1784 if $keepActive && $authuser ne 'root@pam';
1785
1786 my $migratedfrom = extract_param($param, 'migratedfrom');
1787 raise_param_exc({ migratedfrom => "Only root may use this option." })
1788 if $migratedfrom && $authuser ne 'root@pam';
1789
1790
1791 my $storecfg = PVE::Storage::config();
1792
1793 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1794
1795 my $hacmd = sub {
1796 my $upid = shift;
1797
1798 my $service = "vm:$vmid";
1799
1800 my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
1801
1802 print "Executing HA stop for VM $vmid\n";
1803
1804 PVE::Tools::run_command($cmd);
1805
1806 return;
1807 };
1808
1809 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1810
1811 } else {
1812 my $realcmd = sub {
1813 my $upid = shift;
1814
1815 syslog('info', "stop VM $vmid: $upid\n");
1816
1817 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1818 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1819
1820 return;
1821 };
1822
1823 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1824 }
1825 }});
1826
1827 __PACKAGE__->register_method({
1828 name => 'vm_reset',
1829 path => '{vmid}/status/reset',
1830 method => 'POST',
1831 protected => 1,
1832 proxyto => 'node',
1833 description => "Reset virtual machine.",
1834 permissions => {
1835 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1836 },
1837 parameters => {
1838 additionalProperties => 0,
1839 properties => {
1840 node => get_standard_option('pve-node'),
1841 vmid => get_standard_option('pve-vmid',
1842 { completion => \&PVE::QemuServer::complete_vmid_running }),
1843 skiplock => get_standard_option('skiplock'),
1844 },
1845 },
1846 returns => {
1847 type => 'string',
1848 },
1849 code => sub {
1850 my ($param) = @_;
1851
1852 my $rpcenv = PVE::RPCEnvironment::get();
1853
1854 my $authuser = $rpcenv->get_user();
1855
1856 my $node = extract_param($param, 'node');
1857
1858 my $vmid = extract_param($param, 'vmid');
1859
1860 my $skiplock = extract_param($param, 'skiplock');
1861 raise_param_exc({ skiplock => "Only root may use this option." })
1862 if $skiplock && $authuser ne 'root@pam';
1863
1864 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1865
1866 my $realcmd = sub {
1867 my $upid = shift;
1868
1869 PVE::QemuServer::vm_reset($vmid, $skiplock);
1870
1871 return;
1872 };
1873
1874 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1875 }});
1876
1877 __PACKAGE__->register_method({
1878 name => 'vm_shutdown',
1879 path => '{vmid}/status/shutdown',
1880 method => 'POST',
1881 protected => 1,
1882 proxyto => 'node',
1883 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
1884 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
1885 permissions => {
1886 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1887 },
1888 parameters => {
1889 additionalProperties => 0,
1890 properties => {
1891 node => get_standard_option('pve-node'),
1892 vmid => get_standard_option('pve-vmid',
1893 { completion => \&PVE::QemuServer::complete_vmid_running }),
1894 skiplock => get_standard_option('skiplock'),
1895 timeout => {
1896 description => "Wait maximal timeout seconds.",
1897 type => 'integer',
1898 minimum => 0,
1899 optional => 1,
1900 },
1901 forceStop => {
1902 description => "Make sure the VM stops.",
1903 type => 'boolean',
1904 optional => 1,
1905 default => 0,
1906 },
1907 keepActive => {
1908 description => "Do not deactivate storage volumes.",
1909 type => 'boolean',
1910 optional => 1,
1911 default => 0,
1912 }
1913 },
1914 },
1915 returns => {
1916 type => 'string',
1917 },
1918 code => sub {
1919 my ($param) = @_;
1920
1921 my $rpcenv = PVE::RPCEnvironment::get();
1922
1923 my $authuser = $rpcenv->get_user();
1924
1925 my $node = extract_param($param, 'node');
1926
1927 my $vmid = extract_param($param, 'vmid');
1928
1929 my $skiplock = extract_param($param, 'skiplock');
1930 raise_param_exc({ skiplock => "Only root may use this option." })
1931 if $skiplock && $authuser ne 'root@pam';
1932
1933 my $keepActive = extract_param($param, 'keepActive');
1934 raise_param_exc({ keepActive => "Only root may use this option." })
1935 if $keepActive && $authuser ne 'root@pam';
1936
1937 my $storecfg = PVE::Storage::config();
1938
1939 my $shutdown = 1;
1940
1941 # if vm is paused, do not shutdown (but stop if forceStop = 1)
1942 # otherwise, we will infer a shutdown command, but run into the timeout,
1943 # then when the vm is resumed, it will instantly shutdown
1944 #
1945 # checking the qmp status here to get feedback to the gui/cli/api
1946 # and the status query should not take too long
1947 my $qmpstatus;
1948 eval {
1949 $qmpstatus = PVE::QemuServer::vm_qmp_command($vmid, { execute => "query-status" }, 0);
1950 };
1951 my $err = $@ if $@;
1952
1953 if (!$err && $qmpstatus->{status} eq "paused") {
1954 if ($param->{forceStop}) {
1955 warn "VM is paused - stop instead of shutdown\n";
1956 $shutdown = 0;
1957 } else {
1958 die "VM is paused - cannot shutdown\n";
1959 }
1960 }
1961
1962 my $realcmd = sub {
1963 my $upid = shift;
1964
1965 syslog('info', "shutdown VM $vmid: $upid\n");
1966
1967 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1968 $shutdown, $param->{forceStop}, $keepActive);
1969
1970 return;
1971 };
1972
1973 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1974 }});
1975
1976 __PACKAGE__->register_method({
1977 name => 'vm_suspend',
1978 path => '{vmid}/status/suspend',
1979 method => 'POST',
1980 protected => 1,
1981 proxyto => 'node',
1982 description => "Suspend virtual machine.",
1983 permissions => {
1984 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1985 },
1986 parameters => {
1987 additionalProperties => 0,
1988 properties => {
1989 node => get_standard_option('pve-node'),
1990 vmid => get_standard_option('pve-vmid',
1991 { completion => \&PVE::QemuServer::complete_vmid_running }),
1992 skiplock => get_standard_option('skiplock'),
1993 },
1994 },
1995 returns => {
1996 type => 'string',
1997 },
1998 code => sub {
1999 my ($param) = @_;
2000
2001 my $rpcenv = PVE::RPCEnvironment::get();
2002
2003 my $authuser = $rpcenv->get_user();
2004
2005 my $node = extract_param($param, 'node');
2006
2007 my $vmid = extract_param($param, 'vmid');
2008
2009 my $skiplock = extract_param($param, 'skiplock');
2010 raise_param_exc({ skiplock => "Only root may use this option." })
2011 if $skiplock && $authuser ne 'root@pam';
2012
2013 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2014
2015 my $realcmd = sub {
2016 my $upid = shift;
2017
2018 syslog('info', "suspend VM $vmid: $upid\n");
2019
2020 PVE::QemuServer::vm_suspend($vmid, $skiplock);
2021
2022 return;
2023 };
2024
2025 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
2026 }});
2027
2028 __PACKAGE__->register_method({
2029 name => 'vm_resume',
2030 path => '{vmid}/status/resume',
2031 method => 'POST',
2032 protected => 1,
2033 proxyto => 'node',
2034 description => "Resume virtual machine.",
2035 permissions => {
2036 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2037 },
2038 parameters => {
2039 additionalProperties => 0,
2040 properties => {
2041 node => get_standard_option('pve-node'),
2042 vmid => get_standard_option('pve-vmid',
2043 { completion => \&PVE::QemuServer::complete_vmid_running }),
2044 skiplock => get_standard_option('skiplock'),
2045 nocheck => { type => 'boolean', optional => 1 },
2046
2047 },
2048 },
2049 returns => {
2050 type => 'string',
2051 },
2052 code => sub {
2053 my ($param) = @_;
2054
2055 my $rpcenv = PVE::RPCEnvironment::get();
2056
2057 my $authuser = $rpcenv->get_user();
2058
2059 my $node = extract_param($param, 'node');
2060
2061 my $vmid = extract_param($param, 'vmid');
2062
2063 my $skiplock = extract_param($param, 'skiplock');
2064 raise_param_exc({ skiplock => "Only root may use this option." })
2065 if $skiplock && $authuser ne 'root@pam';
2066
2067 my $nocheck = extract_param($param, 'nocheck');
2068
2069 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck);
2070
2071 my $realcmd = sub {
2072 my $upid = shift;
2073
2074 syslog('info', "resume VM $vmid: $upid\n");
2075
2076 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
2077
2078 return;
2079 };
2080
2081 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2082 }});
2083
2084 __PACKAGE__->register_method({
2085 name => 'vm_sendkey',
2086 path => '{vmid}/sendkey',
2087 method => 'PUT',
2088 protected => 1,
2089 proxyto => 'node',
2090 description => "Send key event to virtual machine.",
2091 permissions => {
2092 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2093 },
2094 parameters => {
2095 additionalProperties => 0,
2096 properties => {
2097 node => get_standard_option('pve-node'),
2098 vmid => get_standard_option('pve-vmid',
2099 { completion => \&PVE::QemuServer::complete_vmid_running }),
2100 skiplock => get_standard_option('skiplock'),
2101 key => {
2102 description => "The key (qemu monitor encoding).",
2103 type => 'string'
2104 }
2105 },
2106 },
2107 returns => { type => 'null'},
2108 code => sub {
2109 my ($param) = @_;
2110
2111 my $rpcenv = PVE::RPCEnvironment::get();
2112
2113 my $authuser = $rpcenv->get_user();
2114
2115 my $node = extract_param($param, 'node');
2116
2117 my $vmid = extract_param($param, 'vmid');
2118
2119 my $skiplock = extract_param($param, 'skiplock');
2120 raise_param_exc({ skiplock => "Only root may use this option." })
2121 if $skiplock && $authuser ne 'root@pam';
2122
2123 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2124
2125 return;
2126 }});
2127
2128 __PACKAGE__->register_method({
2129 name => 'vm_feature',
2130 path => '{vmid}/feature',
2131 method => 'GET',
2132 proxyto => 'node',
2133 protected => 1,
2134 description => "Check if feature for virtual machine is available.",
2135 permissions => {
2136 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2137 },
2138 parameters => {
2139 additionalProperties => 0,
2140 properties => {
2141 node => get_standard_option('pve-node'),
2142 vmid => get_standard_option('pve-vmid'),
2143 feature => {
2144 description => "Feature to check.",
2145 type => 'string',
2146 enum => [ 'snapshot', 'clone', 'copy' ],
2147 },
2148 snapname => get_standard_option('pve-snapshot-name', {
2149 optional => 1,
2150 }),
2151 },
2152 },
2153 returns => {
2154 type => "object",
2155 properties => {
2156 hasFeature => { type => 'boolean' },
2157 nodes => {
2158 type => 'array',
2159 items => { type => 'string' },
2160 }
2161 },
2162 },
2163 code => sub {
2164 my ($param) = @_;
2165
2166 my $node = extract_param($param, 'node');
2167
2168 my $vmid = extract_param($param, 'vmid');
2169
2170 my $snapname = extract_param($param, 'snapname');
2171
2172 my $feature = extract_param($param, 'feature');
2173
2174 my $running = PVE::QemuServer::check_running($vmid);
2175
2176 my $conf = PVE::QemuConfig->load_config($vmid);
2177
2178 if($snapname){
2179 my $snap = $conf->{snapshots}->{$snapname};
2180 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2181 $conf = $snap;
2182 }
2183 my $storecfg = PVE::Storage::config();
2184
2185 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2186 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
2187
2188 return {
2189 hasFeature => $hasFeature,
2190 nodes => [ keys %$nodelist ],
2191 };
2192 }});
2193
2194 __PACKAGE__->register_method({
2195 name => 'clone_vm',
2196 path => '{vmid}/clone',
2197 method => 'POST',
2198 protected => 1,
2199 proxyto => 'node',
2200 description => "Create a copy of virtual machine/template.",
2201 permissions => {
2202 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2203 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2204 "'Datastore.AllocateSpace' on any used storage.",
2205 check =>
2206 [ 'and',
2207 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2208 [ 'or',
2209 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2210 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2211 ],
2212 ]
2213 },
2214 parameters => {
2215 additionalProperties => 0,
2216 properties => {
2217 node => get_standard_option('pve-node'),
2218 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2219 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2220 name => {
2221 optional => 1,
2222 type => 'string', format => 'dns-name',
2223 description => "Set a name for the new VM.",
2224 },
2225 description => {
2226 optional => 1,
2227 type => 'string',
2228 description => "Description for the new VM.",
2229 },
2230 pool => {
2231 optional => 1,
2232 type => 'string', format => 'pve-poolid',
2233 description => "Add the new VM to the specified pool.",
2234 },
2235 snapname => get_standard_option('pve-snapshot-name', {
2236 optional => 1,
2237 }),
2238 storage => get_standard_option('pve-storage-id', {
2239 description => "Target storage for full clone.",
2240 requires => 'full',
2241 optional => 1,
2242 }),
2243 'format' => {
2244 description => "Target format for file storage.",
2245 requires => 'full',
2246 type => 'string',
2247 optional => 1,
2248 enum => [ 'raw', 'qcow2', 'vmdk'],
2249 },
2250 full => {
2251 optional => 1,
2252 type => 'boolean',
2253 description => "Create a full copy of all disk. This is always done when " .
2254 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2255 default => 0,
2256 },
2257 target => get_standard_option('pve-node', {
2258 description => "Target node. Only allowed if the original VM is on shared storage.",
2259 optional => 1,
2260 }),
2261 },
2262 },
2263 returns => {
2264 type => 'string',
2265 },
2266 code => sub {
2267 my ($param) = @_;
2268
2269 my $rpcenv = PVE::RPCEnvironment::get();
2270
2271 my $authuser = $rpcenv->get_user();
2272
2273 my $node = extract_param($param, 'node');
2274
2275 my $vmid = extract_param($param, 'vmid');
2276
2277 my $newid = extract_param($param, 'newid');
2278
2279 my $pool = extract_param($param, 'pool');
2280
2281 if (defined($pool)) {
2282 $rpcenv->check_pool_exist($pool);
2283 }
2284
2285 my $snapname = extract_param($param, 'snapname');
2286
2287 my $storage = extract_param($param, 'storage');
2288
2289 my $format = extract_param($param, 'format');
2290
2291 my $target = extract_param($param, 'target');
2292
2293 my $localnode = PVE::INotify::nodename();
2294
2295 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2296
2297 PVE::Cluster::check_node_exists($target) if $target;
2298
2299 my $storecfg = PVE::Storage::config();
2300
2301 if ($storage) {
2302 # check if storage is enabled on local node
2303 PVE::Storage::storage_check_enabled($storecfg, $storage);
2304 if ($target) {
2305 # check if storage is available on target node
2306 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2307 # clone only works if target storage is shared
2308 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2309 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2310 }
2311 }
2312
2313 PVE::Cluster::check_cfs_quorum();
2314
2315 my $running = PVE::QemuServer::check_running($vmid) || 0;
2316
2317 # exclusive lock if VM is running - else shared lock is enough;
2318 my $shared_lock = $running ? 0 : 1;
2319
2320 my $clonefn = sub {
2321
2322 # do all tests after lock
2323 # we also try to do all tests before we fork the worker
2324
2325 my $conf = PVE::QemuConfig->load_config($vmid);
2326
2327 PVE::QemuConfig->check_lock($conf);
2328
2329 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2330
2331 die "unexpected state change\n" if $verify_running != $running;
2332
2333 die "snapshot '$snapname' does not exist\n"
2334 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2335
2336 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2337
2338 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2339
2340 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2341
2342 my $conffile = PVE::QemuConfig->config_file($newid);
2343
2344 die "unable to create VM $newid: config file already exists\n"
2345 if -f $conffile;
2346
2347 my $newconf = { lock => 'clone' };
2348 my $drives = {};
2349 my $fullclone = {};
2350 my $vollist = [];
2351
2352 foreach my $opt (keys %$oldconf) {
2353 my $value = $oldconf->{$opt};
2354
2355 # do not copy snapshot related info
2356 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2357 $opt eq 'vmstate' || $opt eq 'snapstate';
2358
2359 # no need to copy unused images, because VMID(owner) changes anyways
2360 next if $opt =~ m/^unused\d+$/;
2361
2362 # always change MAC! address
2363 if ($opt =~ m/^net(\d+)$/) {
2364 my $net = PVE::QemuServer::parse_net($value);
2365 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2366 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
2367 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2368 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
2369 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2370 die "unable to parse drive options for '$opt'\n" if !$drive;
2371 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2372 $newconf->{$opt} = $value; # simply copy configuration
2373 } else {
2374 if ($param->{full}) {
2375 die "Full clone feature is not available"
2376 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2377 $fullclone->{$opt} = 1;
2378 } else {
2379 # not full means clone instead of copy
2380 die "Linked clone feature is not available"
2381 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2382 }
2383 $drives->{$opt} = $drive;
2384 push @$vollist, $drive->{file};
2385 }
2386 } else {
2387 # copy everything else
2388 $newconf->{$opt} = $value;
2389 }
2390 }
2391
2392 # auto generate a new uuid
2393 my ($uuid, $uuid_str);
2394 UUID::generate($uuid);
2395 UUID::unparse($uuid, $uuid_str);
2396 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2397 $smbios1->{uuid} = $uuid_str;
2398 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2399
2400 delete $newconf->{template};
2401
2402 if ($param->{name}) {
2403 $newconf->{name} = $param->{name};
2404 } else {
2405 if ($oldconf->{name}) {
2406 $newconf->{name} = "Copy-of-$oldconf->{name}";
2407 } else {
2408 $newconf->{name} = "Copy-of-VM-$vmid";
2409 }
2410 }
2411
2412 if ($param->{description}) {
2413 $newconf->{description} = $param->{description};
2414 }
2415
2416 # create empty/temp config - this fails if VM already exists on other node
2417 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2418
2419 my $realcmd = sub {
2420 my $upid = shift;
2421
2422 my $newvollist = [];
2423
2424 eval {
2425 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2426
2427 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2428
2429 foreach my $opt (keys %$drives) {
2430 my $drive = $drives->{$opt};
2431
2432 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2433 $newid, $storage, $format, $fullclone->{$opt}, $newvollist);
2434
2435 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2436
2437 PVE::QemuConfig->write_config($newid, $newconf);
2438 }
2439
2440 delete $newconf->{lock};
2441 PVE::QemuConfig->write_config($newid, $newconf);
2442
2443 if ($target) {
2444 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2445 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
2446 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
2447
2448 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
2449 die "Failed to move config to node '$target' - rename failed: $!\n"
2450 if !rename($conffile, $newconffile);
2451 }
2452
2453 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2454 };
2455 if (my $err = $@) {
2456 unlink $conffile;
2457
2458 sleep 1; # some storage like rbd need to wait before release volume - really?
2459
2460 foreach my $volid (@$newvollist) {
2461 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2462 warn $@ if $@;
2463 }
2464 die "clone failed: $err";
2465 }
2466
2467 return;
2468 };
2469
2470 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2471
2472 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2473 };
2474
2475 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
2476 # Aquire exclusive lock lock for $newid
2477 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
2478 });
2479
2480 }});
2481
2482 __PACKAGE__->register_method({
2483 name => 'move_vm_disk',
2484 path => '{vmid}/move_disk',
2485 method => 'POST',
2486 protected => 1,
2487 proxyto => 'node',
2488 description => "Move volume to different storage.",
2489 permissions => {
2490 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2491 "and 'Datastore.AllocateSpace' permissions on the storage.",
2492 check =>
2493 [ 'and',
2494 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2495 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2496 ],
2497 },
2498 parameters => {
2499 additionalProperties => 0,
2500 properties => {
2501 node => get_standard_option('pve-node'),
2502 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2503 disk => {
2504 type => 'string',
2505 description => "The disk you want to move.",
2506 enum => [ PVE::QemuServer::valid_drive_names() ],
2507 },
2508 storage => get_standard_option('pve-storage-id', {
2509 description => "Target storage.",
2510 completion => \&PVE::QemuServer::complete_storage,
2511 }),
2512 'format' => {
2513 type => 'string',
2514 description => "Target Format.",
2515 enum => [ 'raw', 'qcow2', 'vmdk' ],
2516 optional => 1,
2517 },
2518 delete => {
2519 type => 'boolean',
2520 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2521 optional => 1,
2522 default => 0,
2523 },
2524 digest => {
2525 type => 'string',
2526 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2527 maxLength => 40,
2528 optional => 1,
2529 },
2530 },
2531 },
2532 returns => {
2533 type => 'string',
2534 description => "the task ID.",
2535 },
2536 code => sub {
2537 my ($param) = @_;
2538
2539 my $rpcenv = PVE::RPCEnvironment::get();
2540
2541 my $authuser = $rpcenv->get_user();
2542
2543 my $node = extract_param($param, 'node');
2544
2545 my $vmid = extract_param($param, 'vmid');
2546
2547 my $digest = extract_param($param, 'digest');
2548
2549 my $disk = extract_param($param, 'disk');
2550
2551 my $storeid = extract_param($param, 'storage');
2552
2553 my $format = extract_param($param, 'format');
2554
2555 my $storecfg = PVE::Storage::config();
2556
2557 my $updatefn = sub {
2558
2559 my $conf = PVE::QemuConfig->load_config($vmid);
2560
2561 PVE::QemuConfig->check_lock($conf);
2562
2563 die "checksum missmatch (file change by other user?)\n"
2564 if $digest && $digest ne $conf->{digest};
2565
2566 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2567
2568 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2569
2570 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2571
2572 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2573
2574 my $oldfmt;
2575 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2576 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2577 $oldfmt = $1;
2578 }
2579
2580 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2581 (!$format || !$oldfmt || $oldfmt eq $format);
2582
2583 # this only checks snapshots because $disk is passed!
2584 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
2585 die "you can't move a disk with snapshots and delete the source\n"
2586 if $snapshotted && $param->{delete};
2587
2588 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2589
2590 my $running = PVE::QemuServer::check_running($vmid);
2591
2592 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2593
2594 my $realcmd = sub {
2595
2596 my $newvollist = [];
2597
2598 eval {
2599 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2600
2601 warn "moving disk with snapshots, snapshots will not be moved!\n"
2602 if $snapshotted;
2603
2604 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2605 $vmid, $storeid, $format, 1, $newvollist);
2606
2607 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2608
2609 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
2610
2611 PVE::QemuConfig->write_config($vmid, $conf);
2612
2613 eval {
2614 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2615 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2616 if !$running;
2617 };
2618 warn $@ if $@;
2619 };
2620 if (my $err = $@) {
2621
2622 foreach my $volid (@$newvollist) {
2623 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2624 warn $@ if $@;
2625 }
2626 die "storage migration failed: $err";
2627 }
2628
2629 if ($param->{delete}) {
2630 eval {
2631 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
2632 PVE::Storage::vdisk_free($storecfg, $old_volid);
2633 };
2634 warn $@ if $@;
2635 }
2636 };
2637
2638 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2639 };
2640
2641 return PVE::QemuConfig->lock_config($vmid, $updatefn);
2642 }});
2643
2644 __PACKAGE__->register_method({
2645 name => 'migrate_vm',
2646 path => '{vmid}/migrate',
2647 method => 'POST',
2648 protected => 1,
2649 proxyto => 'node',
2650 description => "Migrate virtual machine. Creates a new migration task.",
2651 permissions => {
2652 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2653 },
2654 parameters => {
2655 additionalProperties => 0,
2656 properties => {
2657 node => get_standard_option('pve-node'),
2658 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2659 target => get_standard_option('pve-node', {
2660 description => "Target node.",
2661 completion => \&PVE::Cluster::complete_migration_target,
2662 }),
2663 online => {
2664 type => 'boolean',
2665 description => "Use online/live migration.",
2666 optional => 1,
2667 },
2668 force => {
2669 type => 'boolean',
2670 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2671 optional => 1,
2672 },
2673 migration_type => {
2674 type => 'string',
2675 enum => ['secure', 'insecure'],
2676 description => "Migration traffic is encrypted using an SSH " .
2677 "tunnel by default. On secure, completely private networks " .
2678 "this can be disabled to increase performance.",
2679 optional => 1,
2680 },
2681 migration_network => {
2682 type => 'string',
2683 format => 'CIDR',
2684 description => "CIDR of the (sub) network that is used for migration.",
2685 optional => 1,
2686 },
2687 },
2688 },
2689 returns => {
2690 type => 'string',
2691 description => "the task ID.",
2692 },
2693 code => sub {
2694 my ($param) = @_;
2695
2696 my $rpcenv = PVE::RPCEnvironment::get();
2697
2698 my $authuser = $rpcenv->get_user();
2699
2700 my $target = extract_param($param, 'target');
2701
2702 my $localnode = PVE::INotify::nodename();
2703 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2704
2705 PVE::Cluster::check_cfs_quorum();
2706
2707 PVE::Cluster::check_node_exists($target);
2708
2709 my $targetip = PVE::Cluster::remote_node_ip($target);
2710
2711 my $vmid = extract_param($param, 'vmid');
2712
2713 raise_param_exc({ force => "Only root may use this option." })
2714 if $param->{force} && $authuser ne 'root@pam';
2715
2716 raise_param_exc({ migration_type => "Only root may use this option." })
2717 if $param->{migration_type} && $authuser ne 'root@pam';
2718
2719 # allow root only until better network permissions are available
2720 raise_param_exc({ migration_network => "Only root may use this option." })
2721 if $param->{migration_network} && $authuser ne 'root@pam';
2722
2723 # test if VM exists
2724 my $conf = PVE::QemuConfig->load_config($vmid);
2725
2726 # try to detect errors early
2727
2728 PVE::QemuConfig->check_lock($conf);
2729
2730 if (PVE::QemuServer::check_running($vmid)) {
2731 die "cant migrate running VM without --online\n"
2732 if !$param->{online};
2733 }
2734
2735 my $storecfg = PVE::Storage::config();
2736 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2737
2738 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2739
2740 my $hacmd = sub {
2741 my $upid = shift;
2742
2743 my $service = "vm:$vmid";
2744
2745 my $cmd = ['ha-manager', 'migrate', $service, $target];
2746
2747 print "Executing HA migrate for VM $vmid to node $target\n";
2748
2749 PVE::Tools::run_command($cmd);
2750
2751 return;
2752 };
2753
2754 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2755
2756 } else {
2757
2758 my $realcmd = sub {
2759 my $upid = shift;
2760
2761 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2762 };
2763
2764 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2765 }
2766
2767 }});
2768
2769 __PACKAGE__->register_method({
2770 name => 'monitor',
2771 path => '{vmid}/monitor',
2772 method => 'POST',
2773 protected => 1,
2774 proxyto => 'node',
2775 description => "Execute Qemu monitor commands.",
2776 permissions => {
2777 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2778 },
2779 parameters => {
2780 additionalProperties => 0,
2781 properties => {
2782 node => get_standard_option('pve-node'),
2783 vmid => get_standard_option('pve-vmid'),
2784 command => {
2785 type => 'string',
2786 description => "The monitor command.",
2787 }
2788 },
2789 },
2790 returns => { type => 'string'},
2791 code => sub {
2792 my ($param) = @_;
2793
2794 my $vmid = $param->{vmid};
2795
2796 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
2797
2798 my $res = '';
2799 eval {
2800 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2801 };
2802 $res = "ERROR: $@" if $@;
2803
2804 return $res;
2805 }});
2806
2807 __PACKAGE__->register_method({
2808 name => 'resize_vm',
2809 path => '{vmid}/resize',
2810 method => 'PUT',
2811 protected => 1,
2812 proxyto => 'node',
2813 description => "Extend volume size.",
2814 permissions => {
2815 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2816 },
2817 parameters => {
2818 additionalProperties => 0,
2819 properties => {
2820 node => get_standard_option('pve-node'),
2821 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2822 skiplock => get_standard_option('skiplock'),
2823 disk => {
2824 type => 'string',
2825 description => "The disk you want to resize.",
2826 enum => [PVE::QemuServer::valid_drive_names()],
2827 },
2828 size => {
2829 type => 'string',
2830 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2831 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2832 },
2833 digest => {
2834 type => 'string',
2835 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2836 maxLength => 40,
2837 optional => 1,
2838 },
2839 },
2840 },
2841 returns => { type => 'null'},
2842 code => sub {
2843 my ($param) = @_;
2844
2845 my $rpcenv = PVE::RPCEnvironment::get();
2846
2847 my $authuser = $rpcenv->get_user();
2848
2849 my $node = extract_param($param, 'node');
2850
2851 my $vmid = extract_param($param, 'vmid');
2852
2853 my $digest = extract_param($param, 'digest');
2854
2855 my $disk = extract_param($param, 'disk');
2856
2857 my $sizestr = extract_param($param, 'size');
2858
2859 my $skiplock = extract_param($param, 'skiplock');
2860 raise_param_exc({ skiplock => "Only root may use this option." })
2861 if $skiplock && $authuser ne 'root@pam';
2862
2863 my $storecfg = PVE::Storage::config();
2864
2865 my $updatefn = sub {
2866
2867 my $conf = PVE::QemuConfig->load_config($vmid);
2868
2869 die "checksum missmatch (file change by other user?)\n"
2870 if $digest && $digest ne $conf->{digest};
2871 PVE::QemuConfig->check_lock($conf) if !$skiplock;
2872
2873 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2874
2875 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2876
2877 my (undef, undef, undef, undef, undef, undef, $format) =
2878 PVE::Storage::parse_volname($storecfg, $drive->{file});
2879
2880 die "can't resize volume: $disk if snapshot exists\n"
2881 if %{$conf->{snapshots}} && $format eq 'qcow2';
2882
2883 my $volid = $drive->{file};
2884
2885 die "disk '$disk' has no associated volume\n" if !$volid;
2886
2887 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2888
2889 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2890
2891 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2892
2893 PVE::Storage::activate_volumes($storecfg, [$volid]);
2894 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2895
2896 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2897 my ($ext, $newsize, $unit) = ($1, $2, $4);
2898 if ($unit) {
2899 if ($unit eq 'K') {
2900 $newsize = $newsize * 1024;
2901 } elsif ($unit eq 'M') {
2902 $newsize = $newsize * 1024 * 1024;
2903 } elsif ($unit eq 'G') {
2904 $newsize = $newsize * 1024 * 1024 * 1024;
2905 } elsif ($unit eq 'T') {
2906 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2907 }
2908 }
2909 $newsize += $size if $ext;
2910 $newsize = int($newsize);
2911
2912 die "unable to skrink disk size\n" if $newsize < $size;
2913
2914 return if $size == $newsize;
2915
2916 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2917
2918 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2919
2920 $drive->{size} = $newsize;
2921 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2922
2923 PVE::QemuConfig->write_config($vmid, $conf);
2924 };
2925
2926 PVE::QemuConfig->lock_config($vmid, $updatefn);
2927 return undef;
2928 }});
2929
2930 __PACKAGE__->register_method({
2931 name => 'snapshot_list',
2932 path => '{vmid}/snapshot',
2933 method => 'GET',
2934 description => "List all snapshots.",
2935 permissions => {
2936 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2937 },
2938 proxyto => 'node',
2939 protected => 1, # qemu pid files are only readable by root
2940 parameters => {
2941 additionalProperties => 0,
2942 properties => {
2943 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2944 node => get_standard_option('pve-node'),
2945 },
2946 },
2947 returns => {
2948 type => 'array',
2949 items => {
2950 type => "object",
2951 properties => {},
2952 },
2953 links => [ { rel => 'child', href => "{name}" } ],
2954 },
2955 code => sub {
2956 my ($param) = @_;
2957
2958 my $vmid = $param->{vmid};
2959
2960 my $conf = PVE::QemuConfig->load_config($vmid);
2961 my $snaphash = $conf->{snapshots} || {};
2962
2963 my $res = [];
2964
2965 foreach my $name (keys %$snaphash) {
2966 my $d = $snaphash->{$name};
2967 my $item = {
2968 name => $name,
2969 snaptime => $d->{snaptime} || 0,
2970 vmstate => $d->{vmstate} ? 1 : 0,
2971 description => $d->{description} || '',
2972 };
2973 $item->{parent} = $d->{parent} if $d->{parent};
2974 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2975 push @$res, $item;
2976 }
2977
2978 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2979 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2980 $current->{parent} = $conf->{parent} if $conf->{parent};
2981
2982 push @$res, $current;
2983
2984 return $res;
2985 }});
2986
2987 __PACKAGE__->register_method({
2988 name => 'snapshot',
2989 path => '{vmid}/snapshot',
2990 method => 'POST',
2991 protected => 1,
2992 proxyto => 'node',
2993 description => "Snapshot a VM.",
2994 permissions => {
2995 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2996 },
2997 parameters => {
2998 additionalProperties => 0,
2999 properties => {
3000 node => get_standard_option('pve-node'),
3001 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3002 snapname => get_standard_option('pve-snapshot-name'),
3003 vmstate => {
3004 optional => 1,
3005 type => 'boolean',
3006 description => "Save the vmstate",
3007 },
3008 description => {
3009 optional => 1,
3010 type => 'string',
3011 description => "A textual description or comment.",
3012 },
3013 },
3014 },
3015 returns => {
3016 type => 'string',
3017 description => "the task ID.",
3018 },
3019 code => sub {
3020 my ($param) = @_;
3021
3022 my $rpcenv = PVE::RPCEnvironment::get();
3023
3024 my $authuser = $rpcenv->get_user();
3025
3026 my $node = extract_param($param, 'node');
3027
3028 my $vmid = extract_param($param, 'vmid');
3029
3030 my $snapname = extract_param($param, 'snapname');
3031
3032 die "unable to use snapshot name 'current' (reserved name)\n"
3033 if $snapname eq 'current';
3034
3035 my $realcmd = sub {
3036 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
3037 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
3038 $param->{description});
3039 };
3040
3041 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
3042 }});
3043
3044 __PACKAGE__->register_method({
3045 name => 'snapshot_cmd_idx',
3046 path => '{vmid}/snapshot/{snapname}',
3047 description => '',
3048 method => 'GET',
3049 permissions => {
3050 user => 'all',
3051 },
3052 parameters => {
3053 additionalProperties => 0,
3054 properties => {
3055 vmid => get_standard_option('pve-vmid'),
3056 node => get_standard_option('pve-node'),
3057 snapname => get_standard_option('pve-snapshot-name'),
3058 },
3059 },
3060 returns => {
3061 type => 'array',
3062 items => {
3063 type => "object",
3064 properties => {},
3065 },
3066 links => [ { rel => 'child', href => "{cmd}" } ],
3067 },
3068 code => sub {
3069 my ($param) = @_;
3070
3071 my $res = [];
3072
3073 push @$res, { cmd => 'rollback' };
3074 push @$res, { cmd => 'config' };
3075
3076 return $res;
3077 }});
3078
3079 __PACKAGE__->register_method({
3080 name => 'update_snapshot_config',
3081 path => '{vmid}/snapshot/{snapname}/config',
3082 method => 'PUT',
3083 protected => 1,
3084 proxyto => 'node',
3085 description => "Update snapshot metadata.",
3086 permissions => {
3087 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3088 },
3089 parameters => {
3090 additionalProperties => 0,
3091 properties => {
3092 node => get_standard_option('pve-node'),
3093 vmid => get_standard_option('pve-vmid'),
3094 snapname => get_standard_option('pve-snapshot-name'),
3095 description => {
3096 optional => 1,
3097 type => 'string',
3098 description => "A textual description or comment.",
3099 },
3100 },
3101 },
3102 returns => { type => 'null' },
3103 code => sub {
3104 my ($param) = @_;
3105
3106 my $rpcenv = PVE::RPCEnvironment::get();
3107
3108 my $authuser = $rpcenv->get_user();
3109
3110 my $vmid = extract_param($param, 'vmid');
3111
3112 my $snapname = extract_param($param, 'snapname');
3113
3114 return undef if !defined($param->{description});
3115
3116 my $updatefn = sub {
3117
3118 my $conf = PVE::QemuConfig->load_config($vmid);
3119
3120 PVE::QemuConfig->check_lock($conf);
3121
3122 my $snap = $conf->{snapshots}->{$snapname};
3123
3124 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3125
3126 $snap->{description} = $param->{description} if defined($param->{description});
3127
3128 PVE::QemuConfig->write_config($vmid, $conf);
3129 };
3130
3131 PVE::QemuConfig->lock_config($vmid, $updatefn);
3132
3133 return undef;
3134 }});
3135
3136 __PACKAGE__->register_method({
3137 name => 'get_snapshot_config',
3138 path => '{vmid}/snapshot/{snapname}/config',
3139 method => 'GET',
3140 proxyto => 'node',
3141 description => "Get snapshot configuration",
3142 permissions => {
3143 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3144 },
3145 parameters => {
3146 additionalProperties => 0,
3147 properties => {
3148 node => get_standard_option('pve-node'),
3149 vmid => get_standard_option('pve-vmid'),
3150 snapname => get_standard_option('pve-snapshot-name'),
3151 },
3152 },
3153 returns => { type => "object" },
3154 code => sub {
3155 my ($param) = @_;
3156
3157 my $rpcenv = PVE::RPCEnvironment::get();
3158
3159 my $authuser = $rpcenv->get_user();
3160
3161 my $vmid = extract_param($param, 'vmid');
3162
3163 my $snapname = extract_param($param, 'snapname');
3164
3165 my $conf = PVE::QemuConfig->load_config($vmid);
3166
3167 my $snap = $conf->{snapshots}->{$snapname};
3168
3169 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3170
3171 return $snap;
3172 }});
3173
3174 __PACKAGE__->register_method({
3175 name => 'rollback',
3176 path => '{vmid}/snapshot/{snapname}/rollback',
3177 method => 'POST',
3178 protected => 1,
3179 proxyto => 'node',
3180 description => "Rollback VM state to specified snapshot.",
3181 permissions => {
3182 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3183 },
3184 parameters => {
3185 additionalProperties => 0,
3186 properties => {
3187 node => get_standard_option('pve-node'),
3188 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3189 snapname => get_standard_option('pve-snapshot-name'),
3190 },
3191 },
3192 returns => {
3193 type => 'string',
3194 description => "the task ID.",
3195 },
3196 code => sub {
3197 my ($param) = @_;
3198
3199 my $rpcenv = PVE::RPCEnvironment::get();
3200
3201 my $authuser = $rpcenv->get_user();
3202
3203 my $node = extract_param($param, 'node');
3204
3205 my $vmid = extract_param($param, 'vmid');
3206
3207 my $snapname = extract_param($param, 'snapname');
3208
3209 my $realcmd = sub {
3210 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3211 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
3212 };
3213
3214 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3215 }});
3216
3217 __PACKAGE__->register_method({
3218 name => 'delsnapshot',
3219 path => '{vmid}/snapshot/{snapname}',
3220 method => 'DELETE',
3221 protected => 1,
3222 proxyto => 'node',
3223 description => "Delete a VM snapshot.",
3224 permissions => {
3225 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3226 },
3227 parameters => {
3228 additionalProperties => 0,
3229 properties => {
3230 node => get_standard_option('pve-node'),
3231 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3232 snapname => get_standard_option('pve-snapshot-name'),
3233 force => {
3234 optional => 1,
3235 type => 'boolean',
3236 description => "For removal from config file, even if removing disk snapshots fails.",
3237 },
3238 },
3239 },
3240 returns => {
3241 type => 'string',
3242 description => "the task ID.",
3243 },
3244 code => sub {
3245 my ($param) = @_;
3246
3247 my $rpcenv = PVE::RPCEnvironment::get();
3248
3249 my $authuser = $rpcenv->get_user();
3250
3251 my $node = extract_param($param, 'node');
3252
3253 my $vmid = extract_param($param, 'vmid');
3254
3255 my $snapname = extract_param($param, 'snapname');
3256
3257 my $realcmd = sub {
3258 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3259 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
3260 };
3261
3262 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3263 }});
3264
3265 __PACKAGE__->register_method({
3266 name => 'template',
3267 path => '{vmid}/template',
3268 method => 'POST',
3269 protected => 1,
3270 proxyto => 'node',
3271 description => "Create a Template.",
3272 permissions => {
3273 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3274 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3275 },
3276 parameters => {
3277 additionalProperties => 0,
3278 properties => {
3279 node => get_standard_option('pve-node'),
3280 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3281 disk => {
3282 optional => 1,
3283 type => 'string',
3284 description => "If you want to convert only 1 disk to base image.",
3285 enum => [PVE::QemuServer::valid_drive_names()],
3286 },
3287
3288 },
3289 },
3290 returns => { type => 'null'},
3291 code => sub {
3292 my ($param) = @_;
3293
3294 my $rpcenv = PVE::RPCEnvironment::get();
3295
3296 my $authuser = $rpcenv->get_user();
3297
3298 my $node = extract_param($param, 'node');
3299
3300 my $vmid = extract_param($param, 'vmid');
3301
3302 my $disk = extract_param($param, 'disk');
3303
3304 my $updatefn = sub {
3305
3306 my $conf = PVE::QemuConfig->load_config($vmid);
3307
3308 PVE::QemuConfig->check_lock($conf);
3309
3310 die "unable to create template, because VM contains snapshots\n"
3311 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3312
3313 die "you can't convert a template to a template\n"
3314 if PVE::QemuConfig->is_template($conf) && !$disk;
3315
3316 die "you can't convert a VM to template if VM is running\n"
3317 if PVE::QemuServer::check_running($vmid);
3318
3319 my $realcmd = sub {
3320 PVE::QemuServer::template_create($vmid, $conf, $disk);
3321 };
3322
3323 $conf->{template} = 1;
3324 PVE::QemuConfig->write_config($vmid, $conf);
3325
3326 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3327 };
3328
3329 PVE::QemuConfig->lock_config($vmid, $updatefn);
3330 return undef;
3331 }});
3332
3333 1;
Virtual Machine Manager