]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
spiceproxy: remove socat, and return data to access the new spiceproxy server
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6
7 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
8 use PVE::SafeSyslog;
9 use PVE::Tools qw(extract_param);
10 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
11 use PVE::Storage;
12 use PVE::JSONSchema qw(get_standard_option);
13 use PVE::RESTHandler;
14 use PVE::QemuServer;
15 use PVE::QemuMigrate;
16 use PVE::RPCEnvironment;
17 use PVE::AccessControl;
18 use PVE::INotify;
19 use PVE::Network;
20
21 use Data::Dumper; # fixme: remove
22
23 use base qw(PVE::RESTHandler);
24
25 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
26
27 my $resolve_cdrom_alias = sub {
28 my $param = shift;
29
30 if (my $value = $param->{cdrom}) {
31 $value .= ",media=cdrom" if $value !~ m/media=/;
32 $param->{ide2} = $value;
33 delete $param->{cdrom};
34 }
35 };
36
37
38 my $check_storage_access = sub {
39 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
40
41 PVE::QemuServer::foreach_drive($settings, sub {
42 my ($ds, $drive) = @_;
43
44 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
45
46 my $volid = $drive->{file};
47
48 if (!$volid || $volid eq 'none') {
49 # nothing to check
50 } elsif ($isCDROM && ($volid eq 'cdrom')) {
51 $rpcenv->check($authuser, "/", ['Sys.Console']);
52 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
53 my ($storeid, $size) = ($2 || $default_storage, $3);
54 die "no storage ID specified (and no default storage)\n" if !$storeid;
55 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
56 } else {
57 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
58 }
59 });
60 };
61
62 my $check_storage_access_clone = sub {
63 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
64
65 my $sharedvm = 1;
66
67 PVE::QemuServer::foreach_drive($conf, sub {
68 my ($ds, $drive) = @_;
69
70 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
71
72 my $volid = $drive->{file};
73
74 return if !$volid || $volid eq 'none';
75
76 if ($isCDROM) {
77 if ($volid eq 'cdrom') {
78 $rpcenv->check($authuser, "/", ['Sys.Console']);
79 } else {
80 # we simply allow access
81 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
82 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
83 $sharedvm = 0 if !$scfg->{shared};
84
85 }
86 } else {
87 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
88 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
89 $sharedvm = 0 if !$scfg->{shared};
90
91 $sid = $storage if $storage;
92 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
93 }
94 });
95
96 return $sharedvm;
97 };
98
99 # Note: $pool is only needed when creating a VM, because pool permissions
100 # are automatically inherited if VM already exists inside a pool.
101 my $create_disks = sub {
102 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
103
104 my $vollist = [];
105
106 my $res = {};
107 PVE::QemuServer::foreach_drive($settings, sub {
108 my ($ds, $disk) = @_;
109
110 my $volid = $disk->{file};
111
112 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
113 delete $disk->{size};
114 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
115 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
116 my ($storeid, $size) = ($2 || $default_storage, $3);
117 die "no storage ID specified (and no default storage)\n" if !$storeid;
118 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
119 my $fmt = $disk->{format} || $defformat;
120 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
121 $fmt, undef, $size*1024*1024);
122 $disk->{file} = $volid;
123 $disk->{size} = $size*1024*1024*1024;
124 push @$vollist, $volid;
125 delete $disk->{format}; # no longer needed
126 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
127 } else {
128
129 my $path = $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
130
131 my $volid_is_new = 1;
132
133 if ($conf->{$ds}) {
134 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
135 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
136 }
137
138 if ($volid_is_new) {
139
140 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
141
142 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
143
144 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
145
146 die "volume $volid does not exists\n" if !$size;
147
148 $disk->{size} = $size;
149 }
150
151 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
152 }
153 });
154
155 # free allocated images on error
156 if (my $err = $@) {
157 syslog('err', "VM $vmid creating disks failed");
158 foreach my $volid (@$vollist) {
159 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
160 warn $@ if $@;
161 }
162 die $err;
163 }
164
165 # modify vm config if everything went well
166 foreach my $ds (keys %$res) {
167 $conf->{$ds} = $res->{$ds};
168 }
169
170 return $vollist;
171 };
172
173 my $check_vm_modify_config_perm = sub {
174 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
175
176 return 1 if $authuser eq 'root@pam';
177
178 foreach my $opt (@$key_list) {
179 # disk checks need to be done somewhere else
180 next if PVE::QemuServer::valid_drivename($opt);
181
182 if ($opt eq 'sockets' || $opt eq 'cores' ||
183 $opt eq 'cpu' || $opt eq 'smp' ||
184 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
185 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
186 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
187 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
188 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
189 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
190 } elsif ($opt eq 'args' || $opt eq 'lock') {
191 die "only root can set '$opt' config\n";
192 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
193 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet') {
194 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
195 } elsif ($opt =~ m/^net\d+$/) {
196 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
197 } else {
198 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
199 }
200 }
201
202 return 1;
203 };
204
205 __PACKAGE__->register_method({
206 name => 'vmlist',
207 path => '',
208 method => 'GET',
209 description => "Virtual machine index (per node).",
210 permissions => {
211 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
212 user => 'all',
213 },
214 proxyto => 'node',
215 protected => 1, # qemu pid files are only readable by root
216 parameters => {
217 additionalProperties => 0,
218 properties => {
219 node => get_standard_option('pve-node'),
220 },
221 },
222 returns => {
223 type => 'array',
224 items => {
225 type => "object",
226 properties => {},
227 },
228 links => [ { rel => 'child', href => "{vmid}" } ],
229 },
230 code => sub {
231 my ($param) = @_;
232
233 my $rpcenv = PVE::RPCEnvironment::get();
234 my $authuser = $rpcenv->get_user();
235
236 my $vmstatus = PVE::QemuServer::vmstatus();
237
238 my $res = [];
239 foreach my $vmid (keys %$vmstatus) {
240 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
241
242 my $data = $vmstatus->{$vmid};
243 $data->{vmid} = $vmid;
244 push @$res, $data;
245 }
246
247 return $res;
248 }});
249
250
251
252 __PACKAGE__->register_method({
253 name => 'create_vm',
254 path => '',
255 method => 'POST',
256 description => "Create or restore a virtual machine.",
257 permissions => {
258 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
259 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
260 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
261 user => 'all', # check inside
262 },
263 protected => 1,
264 proxyto => 'node',
265 parameters => {
266 additionalProperties => 0,
267 properties => PVE::QemuServer::json_config_properties(
268 {
269 node => get_standard_option('pve-node'),
270 vmid => get_standard_option('pve-vmid'),
271 archive => {
272 description => "The backup file.",
273 type => 'string',
274 optional => 1,
275 maxLength => 255,
276 },
277 storage => get_standard_option('pve-storage-id', {
278 description => "Default storage.",
279 optional => 1,
280 }),
281 force => {
282 optional => 1,
283 type => 'boolean',
284 description => "Allow to overwrite existing VM.",
285 requires => 'archive',
286 },
287 unique => {
288 optional => 1,
289 type => 'boolean',
290 description => "Assign a unique random ethernet address.",
291 requires => 'archive',
292 },
293 pool => {
294 optional => 1,
295 type => 'string', format => 'pve-poolid',
296 description => "Add the VM to the specified pool.",
297 },
298 }),
299 },
300 returns => {
301 type => 'string',
302 },
303 code => sub {
304 my ($param) = @_;
305
306 my $rpcenv = PVE::RPCEnvironment::get();
307
308 my $authuser = $rpcenv->get_user();
309
310 my $node = extract_param($param, 'node');
311
312 my $vmid = extract_param($param, 'vmid');
313
314 my $archive = extract_param($param, 'archive');
315
316 my $storage = extract_param($param, 'storage');
317
318 my $force = extract_param($param, 'force');
319
320 my $unique = extract_param($param, 'unique');
321
322 my $pool = extract_param($param, 'pool');
323
324 my $filename = PVE::QemuServer::config_file($vmid);
325
326 my $storecfg = PVE::Storage::config();
327
328 PVE::Cluster::check_cfs_quorum();
329
330 if (defined($pool)) {
331 $rpcenv->check_pool_exist($pool);
332 }
333
334 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
335 if defined($storage);
336
337 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
338 # OK
339 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
340 # OK
341 } elsif ($archive && $force && (-f $filename) &&
342 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
343 # OK: user has VM.Backup permissions, and want to restore an existing VM
344 } else {
345 raise_perm_exc();
346 }
347
348 if (!$archive) {
349 &$resolve_cdrom_alias($param);
350
351 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
352
353 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
354
355 foreach my $opt (keys %$param) {
356 if (PVE::QemuServer::valid_drivename($opt)) {
357 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
358 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
359
360 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
361 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
362 }
363 }
364
365 PVE::QemuServer::add_random_macs($param);
366 } else {
367 my $keystr = join(' ', keys %$param);
368 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
369
370 if ($archive eq '-') {
371 die "pipe requires cli environment\n"
372 if $rpcenv->{type} ne 'cli';
373 } else {
374 my $path = $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
375
376 PVE::Storage::activate_volumes($storecfg, [ $archive ])
377 if PVE::Storage::parse_volume_id ($archive, 1);
378
379 die "can't find archive file '$archive'\n" if !($path && -f $path);
380 $archive = $path;
381 }
382 }
383
384 my $restorefn = sub {
385
386 # fixme: this test does not work if VM exists on other node!
387 if (-f $filename) {
388 die "unable to restore vm $vmid: config file already exists\n"
389 if !$force;
390
391 die "unable to restore vm $vmid: vm is running\n"
392 if PVE::QemuServer::check_running($vmid);
393 }
394
395 my $realcmd = sub {
396 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
397 storage => $storage,
398 pool => $pool,
399 unique => $unique });
400
401 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
402 };
403
404 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
405 };
406
407 my $createfn = sub {
408
409 # test after locking
410 die "unable to create vm $vmid: config file already exists\n"
411 if -f $filename;
412
413 my $realcmd = sub {
414
415 my $vollist = [];
416
417 my $conf = $param;
418
419 eval {
420
421 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
422
423 # try to be smart about bootdisk
424 my @disks = PVE::QemuServer::disknames();
425 my $firstdisk;
426 foreach my $ds (reverse @disks) {
427 next if !$conf->{$ds};
428 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
429 next if PVE::QemuServer::drive_is_cdrom($disk);
430 $firstdisk = $ds;
431 }
432
433 if (!$conf->{bootdisk} && $firstdisk) {
434 $conf->{bootdisk} = $firstdisk;
435 }
436
437 PVE::QemuServer::update_config_nolock($vmid, $conf);
438
439 };
440 my $err = $@;
441
442 if ($err) {
443 foreach my $volid (@$vollist) {
444 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
445 warn $@ if $@;
446 }
447 die "create failed - $err";
448 }
449
450 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
451 };
452
453 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
454 };
455
456 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
457 }});
458
459 __PACKAGE__->register_method({
460 name => 'vmdiridx',
461 path => '{vmid}',
462 method => 'GET',
463 proxyto => 'node',
464 description => "Directory index",
465 permissions => {
466 user => 'all',
467 },
468 parameters => {
469 additionalProperties => 0,
470 properties => {
471 node => get_standard_option('pve-node'),
472 vmid => get_standard_option('pve-vmid'),
473 },
474 },
475 returns => {
476 type => 'array',
477 items => {
478 type => "object",
479 properties => {
480 subdir => { type => 'string' },
481 },
482 },
483 links => [ { rel => 'child', href => "{subdir}" } ],
484 },
485 code => sub {
486 my ($param) = @_;
487
488 my $res = [
489 { subdir => 'config' },
490 { subdir => 'status' },
491 { subdir => 'unlink' },
492 { subdir => 'vncproxy' },
493 { subdir => 'migrate' },
494 { subdir => 'resize' },
495 { subdir => 'move' },
496 { subdir => 'rrd' },
497 { subdir => 'rrddata' },
498 { subdir => 'monitor' },
499 { subdir => 'snapshot' },
500 { subdir => 'spiceproxy' },
501 ];
502
503 return $res;
504 }});
505
506 __PACKAGE__->register_method({
507 name => 'rrd',
508 path => '{vmid}/rrd',
509 method => 'GET',
510 protected => 1, # fixme: can we avoid that?
511 permissions => {
512 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
513 },
514 description => "Read VM RRD statistics (returns PNG)",
515 parameters => {
516 additionalProperties => 0,
517 properties => {
518 node => get_standard_option('pve-node'),
519 vmid => get_standard_option('pve-vmid'),
520 timeframe => {
521 description => "Specify the time frame you are interested in.",
522 type => 'string',
523 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
524 },
525 ds => {
526 description => "The list of datasources you want to display.",
527 type => 'string', format => 'pve-configid-list',
528 },
529 cf => {
530 description => "The RRD consolidation function",
531 type => 'string',
532 enum => [ 'AVERAGE', 'MAX' ],
533 optional => 1,
534 },
535 },
536 },
537 returns => {
538 type => "object",
539 properties => {
540 filename => { type => 'string' },
541 },
542 },
543 code => sub {
544 my ($param) = @_;
545
546 return PVE::Cluster::create_rrd_graph(
547 "pve2-vm/$param->{vmid}", $param->{timeframe},
548 $param->{ds}, $param->{cf});
549
550 }});
551
552 __PACKAGE__->register_method({
553 name => 'rrddata',
554 path => '{vmid}/rrddata',
555 method => 'GET',
556 protected => 1, # fixme: can we avoid that?
557 permissions => {
558 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
559 },
560 description => "Read VM RRD statistics",
561 parameters => {
562 additionalProperties => 0,
563 properties => {
564 node => get_standard_option('pve-node'),
565 vmid => get_standard_option('pve-vmid'),
566 timeframe => {
567 description => "Specify the time frame you are interested in.",
568 type => 'string',
569 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
570 },
571 cf => {
572 description => "The RRD consolidation function",
573 type => 'string',
574 enum => [ 'AVERAGE', 'MAX' ],
575 optional => 1,
576 },
577 },
578 },
579 returns => {
580 type => "array",
581 items => {
582 type => "object",
583 properties => {},
584 },
585 },
586 code => sub {
587 my ($param) = @_;
588
589 return PVE::Cluster::create_rrd_data(
590 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
591 }});
592
593
594 __PACKAGE__->register_method({
595 name => 'vm_config',
596 path => '{vmid}/config',
597 method => 'GET',
598 proxyto => 'node',
599 description => "Get virtual machine configuration.",
600 permissions => {
601 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
602 },
603 parameters => {
604 additionalProperties => 0,
605 properties => {
606 node => get_standard_option('pve-node'),
607 vmid => get_standard_option('pve-vmid'),
608 },
609 },
610 returns => {
611 type => "object",
612 properties => {
613 digest => {
614 type => 'string',
615 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
616 }
617 },
618 },
619 code => sub {
620 my ($param) = @_;
621
622 my $conf = PVE::QemuServer::load_config($param->{vmid});
623
624 delete $conf->{snapshots};
625
626 return $conf;
627 }});
628
629 my $vm_is_volid_owner = sub {
630 my ($storecfg, $vmid, $volid) =@_;
631
632 if ($volid !~ m|^/|) {
633 my ($path, $owner);
634 eval { ($path, $owner) = PVE::Storage::path($storecfg, $volid); };
635 if ($owner && ($owner == $vmid)) {
636 return 1;
637 }
638 }
639
640 return undef;
641 };
642
643 my $test_deallocate_drive = sub {
644 my ($storecfg, $vmid, $key, $drive, $force) = @_;
645
646 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
647 my $volid = $drive->{file};
648 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
649 if ($force || $key =~ m/^unused/) {
650 my $sid = PVE::Storage::parse_volume_id($volid);
651 return $sid;
652 }
653 }
654 }
655
656 return undef;
657 };
658
659 my $delete_drive = sub {
660 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
661
662 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
663 my $volid = $drive->{file};
664
665 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
666 if ($force || $key =~ m/^unused/) {
667 eval {
668 # check if the disk is really unused
669 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key);
670 my $path = PVE::Storage::path($storecfg, $volid);
671
672 die "unable to delete '$volid' - volume is still in use (snapshot?)\n"
673 if $used_paths->{$path};
674
675 PVE::Storage::vdisk_free($storecfg, $volid);
676 };
677 die $@ if $@;
678 } else {
679 PVE::QemuServer::add_unused_volume($conf, $volid, $vmid);
680 }
681 }
682 }
683
684 delete $conf->{$key};
685 };
686
687 my $vmconfig_delete_option = sub {
688 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
689
690 return if !defined($conf->{$opt});
691
692 my $isDisk = PVE::QemuServer::valid_drivename($opt)|| ($opt =~ m/^unused/);
693
694 if ($isDisk) {
695 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
696
697 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
698 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
699 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.Allocate']);
700 }
701 }
702
703 my $unplugwarning = "";
704 if($conf->{ostype} && $conf->{ostype} eq 'l26'){
705 $unplugwarning = "<br>verify that you have acpiphp && pci_hotplug modules loaded in your guest VM";
706 }elsif($conf->{ostype} && $conf->{ostype} eq 'l24'){
707 $unplugwarning = "<br>kernel 2.4 don't support hotplug, please disable hotplug in options";
708 }elsif(!$conf->{ostype} || ($conf->{ostype} && $conf->{ostype} eq 'other')){
709 $unplugwarning = "<br>verify that your guest support acpi hotplug";
710 }
711
712 if($opt eq 'tablet'){
713 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
714 }else{
715 die "error hot-unplug $opt $unplugwarning" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
716 }
717
718 if ($isDisk) {
719 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
720 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
721 } else {
722 delete $conf->{$opt};
723 }
724
725 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
726 };
727
728 my $safe_num_ne = sub {
729 my ($a, $b) = @_;
730
731 return 0 if !defined($a) && !defined($b);
732 return 1 if !defined($a);
733 return 1 if !defined($b);
734
735 return $a != $b;
736 };
737
738 my $vmconfig_update_disk = sub {
739 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
740
741 my $drive = PVE::QemuServer::parse_drive($opt, $value);
742
743 if (PVE::QemuServer::drive_is_cdrom($drive)) { #cdrom
744 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
745 } else {
746 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
747 }
748
749 if ($conf->{$opt}) {
750
751 if (my $old_drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt})) {
752
753 my $media = $drive->{media} || 'disk';
754 my $oldmedia = $old_drive->{media} || 'disk';
755 die "unable to change media type\n" if $media ne $oldmedia;
756
757 if (!PVE::QemuServer::drive_is_cdrom($old_drive) &&
758 ($drive->{file} ne $old_drive->{file})) { # delete old disks
759
760 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
761 $conf = PVE::QemuServer::load_config($vmid); # update/reload
762 }
763
764 if(&$safe_num_ne($drive->{mbps}, $old_drive->{mbps}) ||
765 &$safe_num_ne($drive->{mbps_rd}, $old_drive->{mbps_rd}) ||
766 &$safe_num_ne($drive->{mbps_wr}, $old_drive->{mbps_wr}) ||
767 &$safe_num_ne($drive->{iops}, $old_drive->{iops}) ||
768 &$safe_num_ne($drive->{iops_rd}, $old_drive->{iops_rd}) ||
769 &$safe_num_ne($drive->{iops_wr}, $old_drive->{iops_wr})) {
770 PVE::QemuServer::qemu_block_set_io_throttle($vmid,"drive-$opt",
771 ($drive->{mbps} || 0)*1024*1024,
772 ($drive->{mbps_rd} || 0)*1024*1024,
773 ($drive->{mbps_wr} || 0)*1024*1024,
774 $drive->{iops} || 0,
775 $drive->{iops_rd} || 0,
776 $drive->{iops_wr} || 0)
777 if !PVE::QemuServer::drive_is_cdrom($drive);
778 }
779 }
780 }
781
782 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
783 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
784
785 $conf = PVE::QemuServer::load_config($vmid); # update/reload
786 $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
787
788 if (PVE::QemuServer::drive_is_cdrom($drive)) { # cdrom
789
790 if (PVE::QemuServer::check_running($vmid)) {
791 if ($drive->{file} eq 'none') {
792 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt");
793 } else {
794 my $path = PVE::QemuServer::get_iso_path($storecfg, $vmid, $drive->{file});
795 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt"); #force eject if locked
796 PVE::QemuServer::vm_mon_cmd($vmid, "change",device => "drive-$opt",target => "$path") if $path;
797 }
798 }
799
800 } else { # hotplug new disks
801
802 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
803 }
804 };
805
806 my $vmconfig_update_net = sub {
807 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value) = @_;
808
809 if ($conf->{$opt} && PVE::QemuServer::check_running($vmid)) {
810 my $oldnet = PVE::QemuServer::parse_net($conf->{$opt});
811 my $newnet = PVE::QemuServer::parse_net($value);
812
813 if($oldnet->{model} ne $newnet->{model}){
814 #if model change, we try to hot-unplug
815 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
816 }else{
817
818 if($newnet->{bridge} && $oldnet->{bridge}){
819 my $iface = "tap".$vmid."i".$1 if $opt =~ m/net(\d+)/;
820
821 if($newnet->{rate} ne $oldnet->{rate}){
822 PVE::Network::tap_rate_limit($iface, $newnet->{rate});
823 }
824
825 if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag})){
826 eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag});};
827 PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag});
828 }
829
830 }else{
831 #if bridge/nat mode change, we try to hot-unplug
832 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
833 }
834 }
835
836 }
837 $conf->{$opt} = $value;
838 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
839 $conf = PVE::QemuServer::load_config($vmid); # update/reload
840
841 my $net = PVE::QemuServer::parse_net($conf->{$opt});
842
843 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $net);
844 };
845
846 # POST/PUT {vmid}/config implementation
847 #
848 # The original API used PUT (idempotent) an we assumed that all operations
849 # are fast. But it turned out that almost any configuration change can
850 # involve hot-plug actions, or disk alloc/free. Such actions can take long
851 # time to complete and have side effects (not idempotent).
852 #
853 # The new implementation uses POST and forks a worker process. We added
854 # a new option 'background_delay'. If specified we wait up to
855 # 'background_delay' second for the worker task to complete. It returns null
856 # if the task is finished within that time, else we return the UPID.
857
858 my $update_vm_api = sub {
859 my ($param, $sync) = @_;
860
861 my $rpcenv = PVE::RPCEnvironment::get();
862
863 my $authuser = $rpcenv->get_user();
864
865 my $node = extract_param($param, 'node');
866
867 my $vmid = extract_param($param, 'vmid');
868
869 my $digest = extract_param($param, 'digest');
870
871 my $background_delay = extract_param($param, 'background_delay');
872
873 my @paramarr = (); # used for log message
874 foreach my $key (keys %$param) {
875 push @paramarr, "-$key", $param->{$key};
876 }
877
878 my $skiplock = extract_param($param, 'skiplock');
879 raise_param_exc({ skiplock => "Only root may use this option." })
880 if $skiplock && $authuser ne 'root@pam';
881
882 my $delete_str = extract_param($param, 'delete');
883
884 my $force = extract_param($param, 'force');
885
886 die "no options specified\n" if !$delete_str && !scalar(keys %$param);
887
888 my $storecfg = PVE::Storage::config();
889
890 my $defaults = PVE::QemuServer::load_defaults();
891
892 &$resolve_cdrom_alias($param);
893
894 # now try to verify all parameters
895
896 my @delete = ();
897 foreach my $opt (PVE::Tools::split_list($delete_str)) {
898 $opt = 'ide2' if $opt eq 'cdrom';
899 raise_param_exc({ delete => "you can't use '-$opt' and " .
900 "-delete $opt' at the same time" })
901 if defined($param->{$opt});
902
903 if (!PVE::QemuServer::option_exists($opt)) {
904 raise_param_exc({ delete => "unknown option '$opt'" });
905 }
906
907 push @delete, $opt;
908 }
909
910 foreach my $opt (keys %$param) {
911 if (PVE::QemuServer::valid_drivename($opt)) {
912 # cleanup drive path
913 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
914 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
915 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
916 } elsif ($opt =~ m/^net(\d+)$/) {
917 # add macaddr
918 my $net = PVE::QemuServer::parse_net($param->{$opt});
919 $param->{$opt} = PVE::QemuServer::print_net($net);
920 }
921 }
922
923 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
924
925 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
926
927 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
928
929 my $updatefn = sub {
930
931 my $conf = PVE::QemuServer::load_config($vmid);
932
933 die "checksum missmatch (file change by other user?)\n"
934 if $digest && $digest ne $conf->{digest};
935
936 PVE::QemuServer::check_lock($conf) if !$skiplock;
937
938 if ($param->{memory} || defined($param->{balloon})) {
939 my $maxmem = $param->{memory} || $conf->{memory} || $defaults->{memory};
940 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{balloon};
941
942 die "balloon value too large (must be smaller than assigned memory)\n"
943 if $balloon && $balloon > $maxmem;
944 }
945
946 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
947
948 my $worker = sub {
949
950 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
951
952 foreach my $opt (@delete) { # delete
953 $conf = PVE::QemuServer::load_config($vmid); # update/reload
954 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
955 }
956
957 my $running = PVE::QemuServer::check_running($vmid);
958
959 foreach my $opt (keys %$param) { # add/change
960
961 $conf = PVE::QemuServer::load_config($vmid); # update/reload
962
963 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
964
965 if (PVE::QemuServer::valid_drivename($opt)) {
966
967 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
968 $opt, $param->{$opt}, $force);
969
970 } elsif ($opt =~ m/^net(\d+)$/) { #nics
971
972 &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
973 $opt, $param->{$opt});
974
975 } else {
976
977 if($opt eq 'tablet' && $param->{$opt} == 1){
978 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
979 } elsif($opt eq 'tablet' && $param->{$opt} == 0){
980 PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
981 }
982
983 $conf->{$opt} = $param->{$opt};
984 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
985 }
986 }
987
988 # allow manual ballooning if shares is set to zero
989 if ($running && defined($param->{balloon}) &&
990 defined($conf->{shares}) && ($conf->{shares} == 0)) {
991 my $balloon = $param->{'balloon'} || $conf->{memory} || $defaults->{memory};
992 PVE::QemuServer::vm_mon_cmd($vmid, "balloon", value => $balloon*1024*1024);
993 }
994 };
995
996 if ($sync) {
997 &$worker();
998 return undef;
999 } else {
1000 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1001
1002 if ($background_delay) {
1003
1004 # Note: It would be better to do that in the Event based HTTPServer
1005 # to avoid blocking call to sleep.
1006
1007 my $end_time = time() + $background_delay;
1008
1009 my $task = PVE::Tools::upid_decode($upid);
1010
1011 my $running = 1;
1012 while (time() < $end_time) {
1013 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1014 last if !$running;
1015 sleep(1); # this gets interrupted when child process ends
1016 }
1017
1018 if (!$running) {
1019 my $status = PVE::Tools::upid_read_status($upid);
1020 return undef if $status eq 'OK';
1021 die $status;
1022 }
1023 }
1024
1025 return $upid;
1026 }
1027 };
1028
1029 return PVE::QemuServer::lock_config($vmid, $updatefn);
1030 };
1031
1032 my $vm_config_perm_list = [
1033 'VM.Config.Disk',
1034 'VM.Config.CDROM',
1035 'VM.Config.CPU',
1036 'VM.Config.Memory',
1037 'VM.Config.Network',
1038 'VM.Config.HWType',
1039 'VM.Config.Options',
1040 ];
1041
1042 __PACKAGE__->register_method({
1043 name => 'update_vm_async',
1044 path => '{vmid}/config',
1045 method => 'POST',
1046 protected => 1,
1047 proxyto => 'node',
1048 description => "Set virtual machine options (asynchrounous API).",
1049 permissions => {
1050 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1051 },
1052 parameters => {
1053 additionalProperties => 0,
1054 properties => PVE::QemuServer::json_config_properties(
1055 {
1056 node => get_standard_option('pve-node'),
1057 vmid => get_standard_option('pve-vmid'),
1058 skiplock => get_standard_option('skiplock'),
1059 delete => {
1060 type => 'string', format => 'pve-configid-list',
1061 description => "A list of settings you want to delete.",
1062 optional => 1,
1063 },
1064 force => {
1065 type => 'boolean',
1066 description => $opt_force_description,
1067 optional => 1,
1068 requires => 'delete',
1069 },
1070 digest => {
1071 type => 'string',
1072 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1073 maxLength => 40,
1074 optional => 1,
1075 },
1076 background_delay => {
1077 type => 'integer',
1078 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1079 minimum => 1,
1080 maximum => 30,
1081 optional => 1,
1082 },
1083 }),
1084 },
1085 returns => {
1086 type => 'string',
1087 optional => 1,
1088 },
1089 code => $update_vm_api,
1090 });
1091
1092 __PACKAGE__->register_method({
1093 name => 'update_vm',
1094 path => '{vmid}/config',
1095 method => 'PUT',
1096 protected => 1,
1097 proxyto => 'node',
1098 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1099 permissions => {
1100 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1101 },
1102 parameters => {
1103 additionalProperties => 0,
1104 properties => PVE::QemuServer::json_config_properties(
1105 {
1106 node => get_standard_option('pve-node'),
1107 vmid => get_standard_option('pve-vmid'),
1108 skiplock => get_standard_option('skiplock'),
1109 delete => {
1110 type => 'string', format => 'pve-configid-list',
1111 description => "A list of settings you want to delete.",
1112 optional => 1,
1113 },
1114 force => {
1115 type => 'boolean',
1116 description => $opt_force_description,
1117 optional => 1,
1118 requires => 'delete',
1119 },
1120 digest => {
1121 type => 'string',
1122 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1123 maxLength => 40,
1124 optional => 1,
1125 },
1126 }),
1127 },
1128 returns => { type => 'null' },
1129 code => sub {
1130 my ($param) = @_;
1131 &$update_vm_api($param, 1);
1132 return undef;
1133 }
1134 });
1135
1136
1137 __PACKAGE__->register_method({
1138 name => 'destroy_vm',
1139 path => '{vmid}',
1140 method => 'DELETE',
1141 protected => 1,
1142 proxyto => 'node',
1143 description => "Destroy the vm (also delete all used/owned volumes).",
1144 permissions => {
1145 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1146 },
1147 parameters => {
1148 additionalProperties => 0,
1149 properties => {
1150 node => get_standard_option('pve-node'),
1151 vmid => get_standard_option('pve-vmid'),
1152 skiplock => get_standard_option('skiplock'),
1153 },
1154 },
1155 returns => {
1156 type => 'string',
1157 },
1158 code => sub {
1159 my ($param) = @_;
1160
1161 my $rpcenv = PVE::RPCEnvironment::get();
1162
1163 my $authuser = $rpcenv->get_user();
1164
1165 my $vmid = $param->{vmid};
1166
1167 my $skiplock = $param->{skiplock};
1168 raise_param_exc({ skiplock => "Only root may use this option." })
1169 if $skiplock && $authuser ne 'root@pam';
1170
1171 # test if VM exists
1172 my $conf = PVE::QemuServer::load_config($vmid);
1173
1174 my $storecfg = PVE::Storage::config();
1175
1176 my $delVMfromPoolFn = sub {
1177 my $usercfg = cfs_read_file("user.cfg");
1178 if (my $pool = $usercfg->{vms}->{$vmid}) {
1179 if (my $data = $usercfg->{pools}->{$pool}) {
1180 delete $data->{vms}->{$vmid};
1181 delete $usercfg->{vms}->{$vmid};
1182 cfs_write_file("user.cfg", $usercfg);
1183 }
1184 }
1185 };
1186
1187 my $realcmd = sub {
1188 my $upid = shift;
1189
1190 syslog('info', "destroy VM $vmid: $upid\n");
1191
1192 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1193
1194 PVE::AccessControl::remove_vm_from_pool($vmid);
1195 };
1196
1197 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1198 }});
1199
1200 __PACKAGE__->register_method({
1201 name => 'unlink',
1202 path => '{vmid}/unlink',
1203 method => 'PUT',
1204 protected => 1,
1205 proxyto => 'node',
1206 description => "Unlink/delete disk images.",
1207 permissions => {
1208 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1209 },
1210 parameters => {
1211 additionalProperties => 0,
1212 properties => {
1213 node => get_standard_option('pve-node'),
1214 vmid => get_standard_option('pve-vmid'),
1215 idlist => {
1216 type => 'string', format => 'pve-configid-list',
1217 description => "A list of disk IDs you want to delete.",
1218 },
1219 force => {
1220 type => 'boolean',
1221 description => $opt_force_description,
1222 optional => 1,
1223 },
1224 },
1225 },
1226 returns => { type => 'null'},
1227 code => sub {
1228 my ($param) = @_;
1229
1230 $param->{delete} = extract_param($param, 'idlist');
1231
1232 __PACKAGE__->update_vm($param);
1233
1234 return undef;
1235 }});
1236
1237 my $sslcert;
1238
1239 __PACKAGE__->register_method({
1240 name => 'vncproxy',
1241 path => '{vmid}/vncproxy',
1242 method => 'POST',
1243 protected => 1,
1244 permissions => {
1245 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1246 },
1247 description => "Creates a TCP VNC proxy connections.",
1248 parameters => {
1249 additionalProperties => 0,
1250 properties => {
1251 node => get_standard_option('pve-node'),
1252 vmid => get_standard_option('pve-vmid'),
1253 },
1254 },
1255 returns => {
1256 additionalProperties => 0,
1257 properties => {
1258 user => { type => 'string' },
1259 ticket => { type => 'string' },
1260 cert => { type => 'string' },
1261 port => { type => 'integer' },
1262 upid => { type => 'string' },
1263 },
1264 },
1265 code => sub {
1266 my ($param) = @_;
1267
1268 my $rpcenv = PVE::RPCEnvironment::get();
1269
1270 my $authuser = $rpcenv->get_user();
1271
1272 my $vmid = $param->{vmid};
1273 my $node = $param->{node};
1274
1275 my $authpath = "/vms/$vmid";
1276
1277 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1278
1279 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1280 if !$sslcert;
1281
1282 my $port = PVE::Tools::next_vnc_port();
1283
1284 my $remip;
1285
1286 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1287 $remip = PVE::Cluster::remote_node_ip($node);
1288 }
1289
1290 # NOTE: kvm VNC traffic is already TLS encrypted
1291 my $remcmd = $remip ? ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip] : [];
1292
1293 my $timeout = 10;
1294
1295 my $realcmd = sub {
1296 my $upid = shift;
1297
1298 syslog('info', "starting vnc proxy $upid\n");
1299
1300 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1301
1302 my $qmstr = join(' ', @$qmcmd);
1303
1304 # also redirect stderr (else we get RFB protocol errors)
1305 my $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
1306
1307 PVE::Tools::run_command($cmd);
1308
1309 return;
1310 };
1311
1312 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1313
1314 PVE::Tools::wait_for_vnc_port($port);
1315
1316 return {
1317 user => $authuser,
1318 ticket => $ticket,
1319 port => $port,
1320 upid => $upid,
1321 cert => $sslcert,
1322 };
1323 }});
1324
1325 __PACKAGE__->register_method({
1326 name => 'spiceproxy',
1327 path => '{vmid}/spiceproxy',
1328 method => 'GET',
1329 protected => 1,
1330 proxyto => 'node', # fixme: use direct connections or ssh tunnel?
1331 permissions => {
1332 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1333 },
1334 description => "Returns a SPICE configuration to connect to the VM.",
1335 parameters => {
1336 additionalProperties => 0,
1337 properties => {
1338 node => get_standard_option('pve-node'),
1339 vmid => get_standard_option('pve-vmid'),
1340 },
1341 },
1342 returns => {
1343 additionalProperties => 1,
1344 properties => {
1345 type => { type => 'string' },
1346 password => { type => 'string' },
1347 proxy => { type => 'string' },
1348 host => { type => 'string' },
1349 port => { type => 'integer' },
1350 },
1351 },
1352 code => sub {
1353 my ($param) = @_;
1354
1355 my $rpcenv = PVE::RPCEnvironment::get();
1356
1357 my $authuser = $rpcenv->get_user();
1358
1359 my $vmid = $param->{vmid};
1360 my $node = $param->{node};
1361
1362 my $remip;
1363
1364 # Note: we currectly use "proxyto => 'node'", so this code will never trigger
1365 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1366 $remip = PVE::Cluster::remote_node_ip($node);
1367 }
1368
1369 my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $node);
1370
1371 my $timeout = 10;
1372
1373 # Note: this only works if VM is on local node
1374 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1375 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1376
1377 # allow access for group www-data to the spice socket,
1378 # so that spiceproxy can access it
1379 my $socket = PVE::QemuServer::spice_socket($vmid);
1380 my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
1381 chown 0, $gid, $socket;
1382 chmod 0770, $socket;
1383
1384 # fimxe: ??
1385 my $host = `hostname -f` || PVE::INotify::nodename();
1386 chomp $host;
1387
1388 return {
1389 type => 'spice',
1390 host => $proxyticket,
1391 proxy => $host,
1392 port => 0, # not used for now
1393 password => $ticket
1394 };
1395 }});
1396
1397 __PACKAGE__->register_method({
1398 name => 'vmcmdidx',
1399 path => '{vmid}/status',
1400 method => 'GET',
1401 proxyto => 'node',
1402 description => "Directory index",
1403 permissions => {
1404 user => 'all',
1405 },
1406 parameters => {
1407 additionalProperties => 0,
1408 properties => {
1409 node => get_standard_option('pve-node'),
1410 vmid => get_standard_option('pve-vmid'),
1411 },
1412 },
1413 returns => {
1414 type => 'array',
1415 items => {
1416 type => "object",
1417 properties => {
1418 subdir => { type => 'string' },
1419 },
1420 },
1421 links => [ { rel => 'child', href => "{subdir}" } ],
1422 },
1423 code => sub {
1424 my ($param) = @_;
1425
1426 # test if VM exists
1427 my $conf = PVE::QemuServer::load_config($param->{vmid});
1428
1429 my $res = [
1430 { subdir => 'current' },
1431 { subdir => 'start' },
1432 { subdir => 'stop' },
1433 ];
1434
1435 return $res;
1436 }});
1437
1438 my $vm_is_ha_managed = sub {
1439 my ($vmid) = @_;
1440
1441 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1442 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $vmid, 1)) {
1443 return 1;
1444 }
1445 return 0;
1446 };
1447
1448 __PACKAGE__->register_method({
1449 name => 'vm_status',
1450 path => '{vmid}/status/current',
1451 method => 'GET',
1452 proxyto => 'node',
1453 protected => 1, # qemu pid files are only readable by root
1454 description => "Get virtual machine status.",
1455 permissions => {
1456 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1457 },
1458 parameters => {
1459 additionalProperties => 0,
1460 properties => {
1461 node => get_standard_option('pve-node'),
1462 vmid => get_standard_option('pve-vmid'),
1463 },
1464 },
1465 returns => { type => 'object' },
1466 code => sub {
1467 my ($param) = @_;
1468
1469 # test if VM exists
1470 my $conf = PVE::QemuServer::load_config($param->{vmid});
1471
1472 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1473 my $status = $vmstatus->{$param->{vmid}};
1474
1475 $status->{ha} = &$vm_is_ha_managed($param->{vmid});
1476
1477 return $status;
1478 }});
1479
1480 __PACKAGE__->register_method({
1481 name => 'vm_start',
1482 path => '{vmid}/status/start',
1483 method => 'POST',
1484 protected => 1,
1485 proxyto => 'node',
1486 description => "Start virtual machine.",
1487 permissions => {
1488 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1489 },
1490 parameters => {
1491 additionalProperties => 0,
1492 properties => {
1493 node => get_standard_option('pve-node'),
1494 vmid => get_standard_option('pve-vmid'),
1495 skiplock => get_standard_option('skiplock'),
1496 stateuri => get_standard_option('pve-qm-stateuri'),
1497 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1498 machine => get_standard_option('pve-qm-machine'),
1499 },
1500 },
1501 returns => {
1502 type => 'string',
1503 },
1504 code => sub {
1505 my ($param) = @_;
1506
1507 my $rpcenv = PVE::RPCEnvironment::get();
1508
1509 my $authuser = $rpcenv->get_user();
1510
1511 my $node = extract_param($param, 'node');
1512
1513 my $vmid = extract_param($param, 'vmid');
1514
1515 my $machine = extract_param($param, 'machine');
1516
1517 my $stateuri = extract_param($param, 'stateuri');
1518 raise_param_exc({ stateuri => "Only root may use this option." })
1519 if $stateuri && $authuser ne 'root@pam';
1520
1521 my $skiplock = extract_param($param, 'skiplock');
1522 raise_param_exc({ skiplock => "Only root may use this option." })
1523 if $skiplock && $authuser ne 'root@pam';
1524
1525 my $migratedfrom = extract_param($param, 'migratedfrom');
1526 raise_param_exc({ migratedfrom => "Only root may use this option." })
1527 if $migratedfrom && $authuser ne 'root@pam';
1528
1529 my $storecfg = PVE::Storage::config();
1530
1531 if (&$vm_is_ha_managed($vmid) && !$stateuri &&
1532 $rpcenv->{type} ne 'ha') {
1533
1534 my $hacmd = sub {
1535 my $upid = shift;
1536
1537 my $service = "pvevm:$vmid";
1538
1539 my $cmd = ['clusvcadm', '-e', $service, '-m', $node];
1540
1541 print "Executing HA start for VM $vmid\n";
1542
1543 PVE::Tools::run_command($cmd);
1544
1545 return;
1546 };
1547
1548 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1549
1550 } else {
1551
1552 my $realcmd = sub {
1553 my $upid = shift;
1554
1555 syslog('info', "start VM $vmid: $upid\n");
1556
1557 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, $machine);
1558
1559 return;
1560 };
1561
1562 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1563 }
1564 }});
1565
1566 __PACKAGE__->register_method({
1567 name => 'vm_stop',
1568 path => '{vmid}/status/stop',
1569 method => 'POST',
1570 protected => 1,
1571 proxyto => 'node',
1572 description => "Stop virtual machine.",
1573 permissions => {
1574 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1575 },
1576 parameters => {
1577 additionalProperties => 0,
1578 properties => {
1579 node => get_standard_option('pve-node'),
1580 vmid => get_standard_option('pve-vmid'),
1581 skiplock => get_standard_option('skiplock'),
1582 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1583 timeout => {
1584 description => "Wait maximal timeout seconds.",
1585 type => 'integer',
1586 minimum => 0,
1587 optional => 1,
1588 },
1589 keepActive => {
1590 description => "Do not decativate storage volumes.",
1591 type => 'boolean',
1592 optional => 1,
1593 default => 0,
1594 }
1595 },
1596 },
1597 returns => {
1598 type => 'string',
1599 },
1600 code => sub {
1601 my ($param) = @_;
1602
1603 my $rpcenv = PVE::RPCEnvironment::get();
1604
1605 my $authuser = $rpcenv->get_user();
1606
1607 my $node = extract_param($param, 'node');
1608
1609 my $vmid = extract_param($param, 'vmid');
1610
1611 my $skiplock = extract_param($param, 'skiplock');
1612 raise_param_exc({ skiplock => "Only root may use this option." })
1613 if $skiplock && $authuser ne 'root@pam';
1614
1615 my $keepActive = extract_param($param, 'keepActive');
1616 raise_param_exc({ keepActive => "Only root may use this option." })
1617 if $keepActive && $authuser ne 'root@pam';
1618
1619 my $migratedfrom = extract_param($param, 'migratedfrom');
1620 raise_param_exc({ migratedfrom => "Only root may use this option." })
1621 if $migratedfrom && $authuser ne 'root@pam';
1622
1623
1624 my $storecfg = PVE::Storage::config();
1625
1626 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
1627
1628 my $hacmd = sub {
1629 my $upid = shift;
1630
1631 my $service = "pvevm:$vmid";
1632
1633 my $cmd = ['clusvcadm', '-d', $service];
1634
1635 print "Executing HA stop for VM $vmid\n";
1636
1637 PVE::Tools::run_command($cmd);
1638
1639 return;
1640 };
1641
1642 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1643
1644 } else {
1645 my $realcmd = sub {
1646 my $upid = shift;
1647
1648 syslog('info', "stop VM $vmid: $upid\n");
1649
1650 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1651 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1652
1653 return;
1654 };
1655
1656 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1657 }
1658 }});
1659
1660 __PACKAGE__->register_method({
1661 name => 'vm_reset',
1662 path => '{vmid}/status/reset',
1663 method => 'POST',
1664 protected => 1,
1665 proxyto => 'node',
1666 description => "Reset virtual machine.",
1667 permissions => {
1668 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1669 },
1670 parameters => {
1671 additionalProperties => 0,
1672 properties => {
1673 node => get_standard_option('pve-node'),
1674 vmid => get_standard_option('pve-vmid'),
1675 skiplock => get_standard_option('skiplock'),
1676 },
1677 },
1678 returns => {
1679 type => 'string',
1680 },
1681 code => sub {
1682 my ($param) = @_;
1683
1684 my $rpcenv = PVE::RPCEnvironment::get();
1685
1686 my $authuser = $rpcenv->get_user();
1687
1688 my $node = extract_param($param, 'node');
1689
1690 my $vmid = extract_param($param, 'vmid');
1691
1692 my $skiplock = extract_param($param, 'skiplock');
1693 raise_param_exc({ skiplock => "Only root may use this option." })
1694 if $skiplock && $authuser ne 'root@pam';
1695
1696 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1697
1698 my $realcmd = sub {
1699 my $upid = shift;
1700
1701 PVE::QemuServer::vm_reset($vmid, $skiplock);
1702
1703 return;
1704 };
1705
1706 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1707 }});
1708
1709 __PACKAGE__->register_method({
1710 name => 'vm_shutdown',
1711 path => '{vmid}/status/shutdown',
1712 method => 'POST',
1713 protected => 1,
1714 proxyto => 'node',
1715 description => "Shutdown virtual machine.",
1716 permissions => {
1717 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1718 },
1719 parameters => {
1720 additionalProperties => 0,
1721 properties => {
1722 node => get_standard_option('pve-node'),
1723 vmid => get_standard_option('pve-vmid'),
1724 skiplock => get_standard_option('skiplock'),
1725 timeout => {
1726 description => "Wait maximal timeout seconds.",
1727 type => 'integer',
1728 minimum => 0,
1729 optional => 1,
1730 },
1731 forceStop => {
1732 description => "Make sure the VM stops.",
1733 type => 'boolean',
1734 optional => 1,
1735 default => 0,
1736 },
1737 keepActive => {
1738 description => "Do not decativate storage volumes.",
1739 type => 'boolean',
1740 optional => 1,
1741 default => 0,
1742 }
1743 },
1744 },
1745 returns => {
1746 type => 'string',
1747 },
1748 code => sub {
1749 my ($param) = @_;
1750
1751 my $rpcenv = PVE::RPCEnvironment::get();
1752
1753 my $authuser = $rpcenv->get_user();
1754
1755 my $node = extract_param($param, 'node');
1756
1757 my $vmid = extract_param($param, 'vmid');
1758
1759 my $skiplock = extract_param($param, 'skiplock');
1760 raise_param_exc({ skiplock => "Only root may use this option." })
1761 if $skiplock && $authuser ne 'root@pam';
1762
1763 my $keepActive = extract_param($param, 'keepActive');
1764 raise_param_exc({ keepActive => "Only root may use this option." })
1765 if $keepActive && $authuser ne 'root@pam';
1766
1767 my $storecfg = PVE::Storage::config();
1768
1769 my $realcmd = sub {
1770 my $upid = shift;
1771
1772 syslog('info', "shutdown VM $vmid: $upid\n");
1773
1774 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1775 1, $param->{forceStop}, $keepActive);
1776
1777 return;
1778 };
1779
1780 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1781 }});
1782
1783 __PACKAGE__->register_method({
1784 name => 'vm_suspend',
1785 path => '{vmid}/status/suspend',
1786 method => 'POST',
1787 protected => 1,
1788 proxyto => 'node',
1789 description => "Suspend virtual machine.",
1790 permissions => {
1791 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1792 },
1793 parameters => {
1794 additionalProperties => 0,
1795 properties => {
1796 node => get_standard_option('pve-node'),
1797 vmid => get_standard_option('pve-vmid'),
1798 skiplock => get_standard_option('skiplock'),
1799 },
1800 },
1801 returns => {
1802 type => 'string',
1803 },
1804 code => sub {
1805 my ($param) = @_;
1806
1807 my $rpcenv = PVE::RPCEnvironment::get();
1808
1809 my $authuser = $rpcenv->get_user();
1810
1811 my $node = extract_param($param, 'node');
1812
1813 my $vmid = extract_param($param, 'vmid');
1814
1815 my $skiplock = extract_param($param, 'skiplock');
1816 raise_param_exc({ skiplock => "Only root may use this option." })
1817 if $skiplock && $authuser ne 'root@pam';
1818
1819 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1820
1821 my $realcmd = sub {
1822 my $upid = shift;
1823
1824 syslog('info', "suspend VM $vmid: $upid\n");
1825
1826 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1827
1828 return;
1829 };
1830
1831 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1832 }});
1833
1834 __PACKAGE__->register_method({
1835 name => 'vm_resume',
1836 path => '{vmid}/status/resume',
1837 method => 'POST',
1838 protected => 1,
1839 proxyto => 'node',
1840 description => "Resume virtual machine.",
1841 permissions => {
1842 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1843 },
1844 parameters => {
1845 additionalProperties => 0,
1846 properties => {
1847 node => get_standard_option('pve-node'),
1848 vmid => get_standard_option('pve-vmid'),
1849 skiplock => get_standard_option('skiplock'),
1850 },
1851 },
1852 returns => {
1853 type => 'string',
1854 },
1855 code => sub {
1856 my ($param) = @_;
1857
1858 my $rpcenv = PVE::RPCEnvironment::get();
1859
1860 my $authuser = $rpcenv->get_user();
1861
1862 my $node = extract_param($param, 'node');
1863
1864 my $vmid = extract_param($param, 'vmid');
1865
1866 my $skiplock = extract_param($param, 'skiplock');
1867 raise_param_exc({ skiplock => "Only root may use this option." })
1868 if $skiplock && $authuser ne 'root@pam';
1869
1870 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1871
1872 my $realcmd = sub {
1873 my $upid = shift;
1874
1875 syslog('info', "resume VM $vmid: $upid\n");
1876
1877 PVE::QemuServer::vm_resume($vmid, $skiplock);
1878
1879 return;
1880 };
1881
1882 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1883 }});
1884
1885 __PACKAGE__->register_method({
1886 name => 'vm_sendkey',
1887 path => '{vmid}/sendkey',
1888 method => 'PUT',
1889 protected => 1,
1890 proxyto => 'node',
1891 description => "Send key event to virtual machine.",
1892 permissions => {
1893 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1894 },
1895 parameters => {
1896 additionalProperties => 0,
1897 properties => {
1898 node => get_standard_option('pve-node'),
1899 vmid => get_standard_option('pve-vmid'),
1900 skiplock => get_standard_option('skiplock'),
1901 key => {
1902 description => "The key (qemu monitor encoding).",
1903 type => 'string'
1904 }
1905 },
1906 },
1907 returns => { type => 'null'},
1908 code => sub {
1909 my ($param) = @_;
1910
1911 my $rpcenv = PVE::RPCEnvironment::get();
1912
1913 my $authuser = $rpcenv->get_user();
1914
1915 my $node = extract_param($param, 'node');
1916
1917 my $vmid = extract_param($param, 'vmid');
1918
1919 my $skiplock = extract_param($param, 'skiplock');
1920 raise_param_exc({ skiplock => "Only root may use this option." })
1921 if $skiplock && $authuser ne 'root@pam';
1922
1923 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
1924
1925 return;
1926 }});
1927
1928 __PACKAGE__->register_method({
1929 name => 'vm_feature',
1930 path => '{vmid}/feature',
1931 method => 'GET',
1932 proxyto => 'node',
1933 protected => 1,
1934 description => "Check if feature for virtual machine is available.",
1935 permissions => {
1936 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1937 },
1938 parameters => {
1939 additionalProperties => 0,
1940 properties => {
1941 node => get_standard_option('pve-node'),
1942 vmid => get_standard_option('pve-vmid'),
1943 feature => {
1944 description => "Feature to check.",
1945 type => 'string',
1946 enum => [ 'snapshot', 'clone', 'copy' ],
1947 },
1948 snapname => get_standard_option('pve-snapshot-name', {
1949 optional => 1,
1950 }),
1951 },
1952 },
1953 returns => {
1954 type => "object",
1955 properties => {
1956 hasFeature => { type => 'boolean' },
1957 nodes => {
1958 type => 'array',
1959 items => { type => 'string' },
1960 }
1961 },
1962 },
1963 code => sub {
1964 my ($param) = @_;
1965
1966 my $node = extract_param($param, 'node');
1967
1968 my $vmid = extract_param($param, 'vmid');
1969
1970 my $snapname = extract_param($param, 'snapname');
1971
1972 my $feature = extract_param($param, 'feature');
1973
1974 my $running = PVE::QemuServer::check_running($vmid);
1975
1976 my $conf = PVE::QemuServer::load_config($vmid);
1977
1978 if($snapname){
1979 my $snap = $conf->{snapshots}->{$snapname};
1980 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1981 $conf = $snap;
1982 }
1983 my $storecfg = PVE::Storage::config();
1984
1985 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
1986 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
1987
1988 return {
1989 hasFeature => $hasFeature,
1990 nodes => [ keys %$nodelist ],
1991 };
1992 }});
1993
1994 __PACKAGE__->register_method({
1995 name => 'clone_vm',
1996 path => '{vmid}/clone',
1997 method => 'POST',
1998 protected => 1,
1999 proxyto => 'node',
2000 description => "Create a copy of virtual machine/template.",
2001 permissions => {
2002 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2003 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2004 "'Datastore.AllocateSpace' on any used storage.",
2005 check =>
2006 [ 'and',
2007 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2008 [ 'or',
2009 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2010 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2011 ],
2012 ]
2013 },
2014 parameters => {
2015 additionalProperties => 0,
2016 properties => {
2017 node => get_standard_option('pve-node'),
2018 vmid => get_standard_option('pve-vmid'),
2019 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2020 name => {
2021 optional => 1,
2022 type => 'string', format => 'dns-name',
2023 description => "Set a name for the new VM.",
2024 },
2025 description => {
2026 optional => 1,
2027 type => 'string',
2028 description => "Description for the new VM.",
2029 },
2030 pool => {
2031 optional => 1,
2032 type => 'string', format => 'pve-poolid',
2033 description => "Add the new VM to the specified pool.",
2034 },
2035 snapname => get_standard_option('pve-snapshot-name', {
2036 requires => 'full',
2037 optional => 1,
2038 }),
2039 storage => get_standard_option('pve-storage-id', {
2040 description => "Target storage for full clone.",
2041 requires => 'full',
2042 optional => 1,
2043 }),
2044 'format' => {
2045 description => "Target format for file storage.",
2046 requires => 'full',
2047 type => 'string',
2048 optional => 1,
2049 enum => [ 'raw', 'qcow2', 'vmdk'],
2050 },
2051 full => {
2052 optional => 1,
2053 type => 'boolean',
2054 description => "Create a full copy of all disk. This is always done when " .
2055 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2056 default => 0,
2057 },
2058 target => get_standard_option('pve-node', {
2059 description => "Target node. Only allowed if the original VM is on shared storage.",
2060 optional => 1,
2061 }),
2062 },
2063 },
2064 returns => {
2065 type => 'string',
2066 },
2067 code => sub {
2068 my ($param) = @_;
2069
2070 my $rpcenv = PVE::RPCEnvironment::get();
2071
2072 my $authuser = $rpcenv->get_user();
2073
2074 my $node = extract_param($param, 'node');
2075
2076 my $vmid = extract_param($param, 'vmid');
2077
2078 my $newid = extract_param($param, 'newid');
2079
2080 my $pool = extract_param($param, 'pool');
2081
2082 if (defined($pool)) {
2083 $rpcenv->check_pool_exist($pool);
2084 }
2085
2086 my $snapname = extract_param($param, 'snapname');
2087
2088 my $storage = extract_param($param, 'storage');
2089
2090 my $format = extract_param($param, 'format');
2091
2092 my $target = extract_param($param, 'target');
2093
2094 my $localnode = PVE::INotify::nodename();
2095
2096 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2097
2098 PVE::Cluster::check_node_exists($target) if $target;
2099
2100 my $storecfg = PVE::Storage::config();
2101
2102 if ($storage) {
2103 # check if storage is enabled on local node
2104 PVE::Storage::storage_check_enabled($storecfg, $storage);
2105 if ($target) {
2106 # check if storage is available on target node
2107 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2108 # clone only works if target storage is shared
2109 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2110 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2111 }
2112 }
2113
2114 PVE::Cluster::check_cfs_quorum();
2115
2116 my $running = PVE::QemuServer::check_running($vmid) || 0;
2117
2118 # exclusive lock if VM is running - else shared lock is enough;
2119 my $shared_lock = $running ? 0 : 1;
2120
2121 my $clonefn = sub {
2122
2123 # do all tests after lock
2124 # we also try to do all tests before we fork the worker
2125
2126 my $conf = PVE::QemuServer::load_config($vmid);
2127
2128 PVE::QemuServer::check_lock($conf);
2129
2130 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2131
2132 die "unexpected state change\n" if $verify_running != $running;
2133
2134 die "snapshot '$snapname' does not exist\n"
2135 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2136
2137 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2138
2139 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2140
2141 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2142
2143 my $conffile = PVE::QemuServer::config_file($newid);
2144
2145 die "unable to create VM $newid: config file already exists\n"
2146 if -f $conffile;
2147
2148 my $newconf = { lock => 'clone' };
2149 my $drives = {};
2150 my $vollist = [];
2151
2152 foreach my $opt (keys %$oldconf) {
2153 my $value = $oldconf->{$opt};
2154
2155 # do not copy snapshot related info
2156 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2157 $opt eq 'vmstate' || $opt eq 'snapstate';
2158
2159 # always change MAC! address
2160 if ($opt =~ m/^net(\d+)$/) {
2161 my $net = PVE::QemuServer::parse_net($value);
2162 $net->{macaddr} = PVE::Tools::random_ether_addr();
2163 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2164 } elsif (my $drive = PVE::QemuServer::parse_drive($opt, $value)) {
2165 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2166 $newconf->{$opt} = $value; # simply copy configuration
2167 } else {
2168 if ($param->{full} || !PVE::Storage::volume_is_base($storecfg, $drive->{file})) {
2169 die "Full clone feature is not available"
2170 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2171 $drive->{full} = 1;
2172 }
2173 $drives->{$opt} = $drive;
2174 push @$vollist, $drive->{file};
2175 }
2176 } else {
2177 # copy everything else
2178 $newconf->{$opt} = $value;
2179 }
2180 }
2181
2182 delete $newconf->{template};
2183
2184 if ($param->{name}) {
2185 $newconf->{name} = $param->{name};
2186 } else {
2187 if ($oldconf->{name}) {
2188 $newconf->{name} = "Copy-of-$oldconf->{name}";
2189 } else {
2190 $newconf->{name} = "Copy-of-VM-$vmid";
2191 }
2192 }
2193
2194 if ($param->{description}) {
2195 $newconf->{description} = $param->{description};
2196 }
2197
2198 # create empty/temp config - this fails if VM already exists on other node
2199 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2200
2201 my $realcmd = sub {
2202 my $upid = shift;
2203
2204 my $newvollist = [];
2205
2206 eval {
2207 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2208
2209 PVE::Storage::activate_volumes($storecfg, $vollist);
2210
2211 foreach my $opt (keys %$drives) {
2212 my $drive = $drives->{$opt};
2213
2214 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2215 $newid, $storage, $format, $drive->{full}, $newvollist);
2216
2217 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2218
2219 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2220 }
2221
2222 delete $newconf->{lock};
2223 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2224
2225 if ($target) {
2226 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2227 die "Failed to move config to node '$target' - rename failed: $!\n"
2228 if !rename($conffile, $newconffile);
2229 }
2230
2231 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2232 };
2233 if (my $err = $@) {
2234 unlink $conffile;
2235
2236 sleep 1; # some storage like rbd need to wait before release volume - really?
2237
2238 foreach my $volid (@$newvollist) {
2239 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2240 warn $@ if $@;
2241 }
2242 die "clone failed: $err";
2243 }
2244
2245 return;
2246 };
2247
2248 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2249 };
2250
2251 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2252 # Aquire exclusive lock lock for $newid
2253 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2254 });
2255
2256 }});
2257
2258 __PACKAGE__->register_method({
2259 name => 'move_vm_disk',
2260 path => '{vmid}/move_disk',
2261 method => 'POST',
2262 protected => 1,
2263 proxyto => 'node',
2264 description => "Move volume to different storage.",
2265 permissions => {
2266 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2267 "and 'Datastore.AllocateSpace' permissions on the storage.",
2268 check =>
2269 [ 'and',
2270 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2271 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2272 ],
2273 },
2274 parameters => {
2275 additionalProperties => 0,
2276 properties => {
2277 node => get_standard_option('pve-node'),
2278 vmid => get_standard_option('pve-vmid'),
2279 disk => {
2280 type => 'string',
2281 description => "The disk you want to move.",
2282 enum => [ PVE::QemuServer::disknames() ],
2283 },
2284 storage => get_standard_option('pve-storage-id', { description => "Target Storage." }),
2285 'format' => {
2286 type => 'string',
2287 description => "Target Format.",
2288 enum => [ 'raw', 'qcow2', 'vmdk' ],
2289 optional => 1,
2290 },
2291 delete => {
2292 type => 'boolean',
2293 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2294 optional => 1,
2295 default => 0,
2296 },
2297 digest => {
2298 type => 'string',
2299 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2300 maxLength => 40,
2301 optional => 1,
2302 },
2303 },
2304 },
2305 returns => {
2306 type => 'string',
2307 description => "the task ID.",
2308 },
2309 code => sub {
2310 my ($param) = @_;
2311
2312 my $rpcenv = PVE::RPCEnvironment::get();
2313
2314 my $authuser = $rpcenv->get_user();
2315
2316 my $node = extract_param($param, 'node');
2317
2318 my $vmid = extract_param($param, 'vmid');
2319
2320 my $digest = extract_param($param, 'digest');
2321
2322 my $disk = extract_param($param, 'disk');
2323
2324 my $storeid = extract_param($param, 'storage');
2325
2326 my $format = extract_param($param, 'format');
2327
2328 my $storecfg = PVE::Storage::config();
2329
2330 my $updatefn = sub {
2331
2332 my $conf = PVE::QemuServer::load_config($vmid);
2333
2334 die "checksum missmatch (file change by other user?)\n"
2335 if $digest && $digest ne $conf->{digest};
2336
2337 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2338
2339 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2340
2341 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2342
2343 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2344
2345 my $oldfmt;
2346 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2347 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2348 $oldfmt = $1;
2349 }
2350
2351 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2352 (!$format || !$oldfmt || $oldfmt eq $format);
2353
2354 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2355
2356 my $running = PVE::QemuServer::check_running($vmid);
2357
2358 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2359
2360 my $realcmd = sub {
2361
2362 my $newvollist = [];
2363
2364 eval {
2365 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2366
2367 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2368 $vmid, $storeid, $format, 1, $newvollist);
2369
2370 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2371
2372 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2373
2374 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2375 };
2376 if (my $err = $@) {
2377
2378 foreach my $volid (@$newvollist) {
2379 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2380 warn $@ if $@;
2381 }
2382 die "storage migration failed: $err";
2383 }
2384
2385 if ($param->{delete}) {
2386 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2387 warn $@ if $@;
2388 }
2389 };
2390
2391 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2392 };
2393
2394 return PVE::QemuServer::lock_config($vmid, $updatefn);
2395 }});
2396
2397 __PACKAGE__->register_method({
2398 name => 'migrate_vm',
2399 path => '{vmid}/migrate',
2400 method => 'POST',
2401 protected => 1,
2402 proxyto => 'node',
2403 description => "Migrate virtual machine. Creates a new migration task.",
2404 permissions => {
2405 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2406 },
2407 parameters => {
2408 additionalProperties => 0,
2409 properties => {
2410 node => get_standard_option('pve-node'),
2411 vmid => get_standard_option('pve-vmid'),
2412 target => get_standard_option('pve-node', { description => "Target node." }),
2413 online => {
2414 type => 'boolean',
2415 description => "Use online/live migration.",
2416 optional => 1,
2417 },
2418 force => {
2419 type => 'boolean',
2420 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2421 optional => 1,
2422 },
2423 },
2424 },
2425 returns => {
2426 type => 'string',
2427 description => "the task ID.",
2428 },
2429 code => sub {
2430 my ($param) = @_;
2431
2432 my $rpcenv = PVE::RPCEnvironment::get();
2433
2434 my $authuser = $rpcenv->get_user();
2435
2436 my $target = extract_param($param, 'target');
2437
2438 my $localnode = PVE::INotify::nodename();
2439 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2440
2441 PVE::Cluster::check_cfs_quorum();
2442
2443 PVE::Cluster::check_node_exists($target);
2444
2445 my $targetip = PVE::Cluster::remote_node_ip($target);
2446
2447 my $vmid = extract_param($param, 'vmid');
2448
2449 raise_param_exc({ force => "Only root may use this option." })
2450 if $param->{force} && $authuser ne 'root@pam';
2451
2452 # test if VM exists
2453 my $conf = PVE::QemuServer::load_config($vmid);
2454
2455 # try to detect errors early
2456
2457 PVE::QemuServer::check_lock($conf);
2458
2459 if (PVE::QemuServer::check_running($vmid)) {
2460 die "cant migrate running VM without --online\n"
2461 if !$param->{online};
2462 }
2463
2464 my $storecfg = PVE::Storage::config();
2465 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2466
2467 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2468
2469 my $hacmd = sub {
2470 my $upid = shift;
2471
2472 my $service = "pvevm:$vmid";
2473
2474 my $cmd = ['clusvcadm', '-M', $service, '-m', $target];
2475
2476 print "Executing HA migrate for VM $vmid to node $target\n";
2477
2478 PVE::Tools::run_command($cmd);
2479
2480 return;
2481 };
2482
2483 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2484
2485 } else {
2486
2487 my $realcmd = sub {
2488 my $upid = shift;
2489
2490 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2491 };
2492
2493 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2494 }
2495
2496 }});
2497
2498 __PACKAGE__->register_method({
2499 name => 'monitor',
2500 path => '{vmid}/monitor',
2501 method => 'POST',
2502 protected => 1,
2503 proxyto => 'node',
2504 description => "Execute Qemu monitor commands.",
2505 permissions => {
2506 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2507 },
2508 parameters => {
2509 additionalProperties => 0,
2510 properties => {
2511 node => get_standard_option('pve-node'),
2512 vmid => get_standard_option('pve-vmid'),
2513 command => {
2514 type => 'string',
2515 description => "The monitor command.",
2516 }
2517 },
2518 },
2519 returns => { type => 'string'},
2520 code => sub {
2521 my ($param) = @_;
2522
2523 my $vmid = $param->{vmid};
2524
2525 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2526
2527 my $res = '';
2528 eval {
2529 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2530 };
2531 $res = "ERROR: $@" if $@;
2532
2533 return $res;
2534 }});
2535
2536 __PACKAGE__->register_method({
2537 name => 'resize_vm',
2538 path => '{vmid}/resize',
2539 method => 'PUT',
2540 protected => 1,
2541 proxyto => 'node',
2542 description => "Extend volume size.",
2543 permissions => {
2544 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2545 },
2546 parameters => {
2547 additionalProperties => 0,
2548 properties => {
2549 node => get_standard_option('pve-node'),
2550 vmid => get_standard_option('pve-vmid'),
2551 skiplock => get_standard_option('skiplock'),
2552 disk => {
2553 type => 'string',
2554 description => "The disk you want to resize.",
2555 enum => [PVE::QemuServer::disknames()],
2556 },
2557 size => {
2558 type => 'string',
2559 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2560 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2561 },
2562 digest => {
2563 type => 'string',
2564 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2565 maxLength => 40,
2566 optional => 1,
2567 },
2568 },
2569 },
2570 returns => { type => 'null'},
2571 code => sub {
2572 my ($param) = @_;
2573
2574 my $rpcenv = PVE::RPCEnvironment::get();
2575
2576 my $authuser = $rpcenv->get_user();
2577
2578 my $node = extract_param($param, 'node');
2579
2580 my $vmid = extract_param($param, 'vmid');
2581
2582 my $digest = extract_param($param, 'digest');
2583
2584 my $disk = extract_param($param, 'disk');
2585
2586 my $sizestr = extract_param($param, 'size');
2587
2588 my $skiplock = extract_param($param, 'skiplock');
2589 raise_param_exc({ skiplock => "Only root may use this option." })
2590 if $skiplock && $authuser ne 'root@pam';
2591
2592 my $storecfg = PVE::Storage::config();
2593
2594 my $updatefn = sub {
2595
2596 my $conf = PVE::QemuServer::load_config($vmid);
2597
2598 die "checksum missmatch (file change by other user?)\n"
2599 if $digest && $digest ne $conf->{digest};
2600 PVE::QemuServer::check_lock($conf) if !$skiplock;
2601
2602 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2603
2604 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2605
2606 my $volid = $drive->{file};
2607
2608 die "disk '$disk' has no associated volume\n" if !$volid;
2609
2610 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2611
2612 die "you can't online resize a virtio windows bootdisk\n"
2613 if PVE::QemuServer::check_running($vmid) && $conf->{bootdisk} eq $disk && $conf->{ostype} =~ m/^w/ && $disk =~ m/^virtio/;
2614
2615 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2616
2617 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2618
2619 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2620
2621 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2622 my ($ext, $newsize, $unit) = ($1, $2, $4);
2623 if ($unit) {
2624 if ($unit eq 'K') {
2625 $newsize = $newsize * 1024;
2626 } elsif ($unit eq 'M') {
2627 $newsize = $newsize * 1024 * 1024;
2628 } elsif ($unit eq 'G') {
2629 $newsize = $newsize * 1024 * 1024 * 1024;
2630 } elsif ($unit eq 'T') {
2631 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2632 }
2633 }
2634 $newsize += $size if $ext;
2635 $newsize = int($newsize);
2636
2637 die "unable to skrink disk size\n" if $newsize < $size;
2638
2639 return if $size == $newsize;
2640
2641 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2642
2643 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2644
2645 $drive->{size} = $newsize;
2646 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2647
2648 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2649 };
2650
2651 PVE::QemuServer::lock_config($vmid, $updatefn);
2652 return undef;
2653 }});
2654
2655 __PACKAGE__->register_method({
2656 name => 'snapshot_list',
2657 path => '{vmid}/snapshot',
2658 method => 'GET',
2659 description => "List all snapshots.",
2660 permissions => {
2661 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2662 },
2663 proxyto => 'node',
2664 protected => 1, # qemu pid files are only readable by root
2665 parameters => {
2666 additionalProperties => 0,
2667 properties => {
2668 vmid => get_standard_option('pve-vmid'),
2669 node => get_standard_option('pve-node'),
2670 },
2671 },
2672 returns => {
2673 type => 'array',
2674 items => {
2675 type => "object",
2676 properties => {},
2677 },
2678 links => [ { rel => 'child', href => "{name}" } ],
2679 },
2680 code => sub {
2681 my ($param) = @_;
2682
2683 my $vmid = $param->{vmid};
2684
2685 my $conf = PVE::QemuServer::load_config($vmid);
2686 my $snaphash = $conf->{snapshots} || {};
2687
2688 my $res = [];
2689
2690 foreach my $name (keys %$snaphash) {
2691 my $d = $snaphash->{$name};
2692 my $item = {
2693 name => $name,
2694 snaptime => $d->{snaptime} || 0,
2695 vmstate => $d->{vmstate} ? 1 : 0,
2696 description => $d->{description} || '',
2697 };
2698 $item->{parent} = $d->{parent} if $d->{parent};
2699 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2700 push @$res, $item;
2701 }
2702
2703 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2704 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2705 $current->{parent} = $conf->{parent} if $conf->{parent};
2706
2707 push @$res, $current;
2708
2709 return $res;
2710 }});
2711
2712 __PACKAGE__->register_method({
2713 name => 'snapshot',
2714 path => '{vmid}/snapshot',
2715 method => 'POST',
2716 protected => 1,
2717 proxyto => 'node',
2718 description => "Snapshot a VM.",
2719 permissions => {
2720 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2721 },
2722 parameters => {
2723 additionalProperties => 0,
2724 properties => {
2725 node => get_standard_option('pve-node'),
2726 vmid => get_standard_option('pve-vmid'),
2727 snapname => get_standard_option('pve-snapshot-name'),
2728 vmstate => {
2729 optional => 1,
2730 type => 'boolean',
2731 description => "Save the vmstate",
2732 },
2733 freezefs => {
2734 optional => 1,
2735 type => 'boolean',
2736 description => "Freeze the filesystem",
2737 },
2738 description => {
2739 optional => 1,
2740 type => 'string',
2741 description => "A textual description or comment.",
2742 },
2743 },
2744 },
2745 returns => {
2746 type => 'string',
2747 description => "the task ID.",
2748 },
2749 code => sub {
2750 my ($param) = @_;
2751
2752 my $rpcenv = PVE::RPCEnvironment::get();
2753
2754 my $authuser = $rpcenv->get_user();
2755
2756 my $node = extract_param($param, 'node');
2757
2758 my $vmid = extract_param($param, 'vmid');
2759
2760 my $snapname = extract_param($param, 'snapname');
2761
2762 die "unable to use snapshot name 'current' (reserved name)\n"
2763 if $snapname eq 'current';
2764
2765 my $realcmd = sub {
2766 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2767 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2768 $param->{freezefs}, $param->{description});
2769 };
2770
2771 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2772 }});
2773
2774 __PACKAGE__->register_method({
2775 name => 'snapshot_cmd_idx',
2776 path => '{vmid}/snapshot/{snapname}',
2777 description => '',
2778 method => 'GET',
2779 permissions => {
2780 user => 'all',
2781 },
2782 parameters => {
2783 additionalProperties => 0,
2784 properties => {
2785 vmid => get_standard_option('pve-vmid'),
2786 node => get_standard_option('pve-node'),
2787 snapname => get_standard_option('pve-snapshot-name'),
2788 },
2789 },
2790 returns => {
2791 type => 'array',
2792 items => {
2793 type => "object",
2794 properties => {},
2795 },
2796 links => [ { rel => 'child', href => "{cmd}" } ],
2797 },
2798 code => sub {
2799 my ($param) = @_;
2800
2801 my $res = [];
2802
2803 push @$res, { cmd => 'rollback' };
2804 push @$res, { cmd => 'config' };
2805
2806 return $res;
2807 }});
2808
2809 __PACKAGE__->register_method({
2810 name => 'update_snapshot_config',
2811 path => '{vmid}/snapshot/{snapname}/config',
2812 method => 'PUT',
2813 protected => 1,
2814 proxyto => 'node',
2815 description => "Update snapshot metadata.",
2816 permissions => {
2817 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2818 },
2819 parameters => {
2820 additionalProperties => 0,
2821 properties => {
2822 node => get_standard_option('pve-node'),
2823 vmid => get_standard_option('pve-vmid'),
2824 snapname => get_standard_option('pve-snapshot-name'),
2825 description => {
2826 optional => 1,
2827 type => 'string',
2828 description => "A textual description or comment.",
2829 },
2830 },
2831 },
2832 returns => { type => 'null' },
2833 code => sub {
2834 my ($param) = @_;
2835
2836 my $rpcenv = PVE::RPCEnvironment::get();
2837
2838 my $authuser = $rpcenv->get_user();
2839
2840 my $vmid = extract_param($param, 'vmid');
2841
2842 my $snapname = extract_param($param, 'snapname');
2843
2844 return undef if !defined($param->{description});
2845
2846 my $updatefn = sub {
2847
2848 my $conf = PVE::QemuServer::load_config($vmid);
2849
2850 PVE::QemuServer::check_lock($conf);
2851
2852 my $snap = $conf->{snapshots}->{$snapname};
2853
2854 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2855
2856 $snap->{description} = $param->{description} if defined($param->{description});
2857
2858 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2859 };
2860
2861 PVE::QemuServer::lock_config($vmid, $updatefn);
2862
2863 return undef;
2864 }});
2865
2866 __PACKAGE__->register_method({
2867 name => 'get_snapshot_config',
2868 path => '{vmid}/snapshot/{snapname}/config',
2869 method => 'GET',
2870 proxyto => 'node',
2871 description => "Get snapshot configuration",
2872 permissions => {
2873 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2874 },
2875 parameters => {
2876 additionalProperties => 0,
2877 properties => {
2878 node => get_standard_option('pve-node'),
2879 vmid => get_standard_option('pve-vmid'),
2880 snapname => get_standard_option('pve-snapshot-name'),
2881 },
2882 },
2883 returns => { type => "object" },
2884 code => sub {
2885 my ($param) = @_;
2886
2887 my $rpcenv = PVE::RPCEnvironment::get();
2888
2889 my $authuser = $rpcenv->get_user();
2890
2891 my $vmid = extract_param($param, 'vmid');
2892
2893 my $snapname = extract_param($param, 'snapname');
2894
2895 my $conf = PVE::QemuServer::load_config($vmid);
2896
2897 my $snap = $conf->{snapshots}->{$snapname};
2898
2899 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2900
2901 return $snap;
2902 }});
2903
2904 __PACKAGE__->register_method({
2905 name => 'rollback',
2906 path => '{vmid}/snapshot/{snapname}/rollback',
2907 method => 'POST',
2908 protected => 1,
2909 proxyto => 'node',
2910 description => "Rollback VM state to specified snapshot.",
2911 permissions => {
2912 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2913 },
2914 parameters => {
2915 additionalProperties => 0,
2916 properties => {
2917 node => get_standard_option('pve-node'),
2918 vmid => get_standard_option('pve-vmid'),
2919 snapname => get_standard_option('pve-snapshot-name'),
2920 },
2921 },
2922 returns => {
2923 type => 'string',
2924 description => "the task ID.",
2925 },
2926 code => sub {
2927 my ($param) = @_;
2928
2929 my $rpcenv = PVE::RPCEnvironment::get();
2930
2931 my $authuser = $rpcenv->get_user();
2932
2933 my $node = extract_param($param, 'node');
2934
2935 my $vmid = extract_param($param, 'vmid');
2936
2937 my $snapname = extract_param($param, 'snapname');
2938
2939 my $realcmd = sub {
2940 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
2941 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
2942 };
2943
2944 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
2945 }});
2946
2947 __PACKAGE__->register_method({
2948 name => 'delsnapshot',
2949 path => '{vmid}/snapshot/{snapname}',
2950 method => 'DELETE',
2951 protected => 1,
2952 proxyto => 'node',
2953 description => "Delete a VM snapshot.",
2954 permissions => {
2955 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2956 },
2957 parameters => {
2958 additionalProperties => 0,
2959 properties => {
2960 node => get_standard_option('pve-node'),
2961 vmid => get_standard_option('pve-vmid'),
2962 snapname => get_standard_option('pve-snapshot-name'),
2963 force => {
2964 optional => 1,
2965 type => 'boolean',
2966 description => "For removal from config file, even if removing disk snapshots fails.",
2967 },
2968 },
2969 },
2970 returns => {
2971 type => 'string',
2972 description => "the task ID.",
2973 },
2974 code => sub {
2975 my ($param) = @_;
2976
2977 my $rpcenv = PVE::RPCEnvironment::get();
2978
2979 my $authuser = $rpcenv->get_user();
2980
2981 my $node = extract_param($param, 'node');
2982
2983 my $vmid = extract_param($param, 'vmid');
2984
2985 my $snapname = extract_param($param, 'snapname');
2986
2987 my $realcmd = sub {
2988 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
2989 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
2990 };
2991
2992 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
2993 }});
2994
2995 __PACKAGE__->register_method({
2996 name => 'template',
2997 path => '{vmid}/template',
2998 method => 'POST',
2999 protected => 1,
3000 proxyto => 'node',
3001 description => "Create a Template.",
3002 permissions => {
3003 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3004 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3005 },
3006 parameters => {
3007 additionalProperties => 0,
3008 properties => {
3009 node => get_standard_option('pve-node'),
3010 vmid => get_standard_option('pve-vmid'),
3011 disk => {
3012 optional => 1,
3013 type => 'string',
3014 description => "If you want to convert only 1 disk to base image.",
3015 enum => [PVE::QemuServer::disknames()],
3016 },
3017
3018 },
3019 },
3020 returns => { type => 'null'},
3021 code => sub {
3022 my ($param) = @_;
3023
3024 my $rpcenv = PVE::RPCEnvironment::get();
3025
3026 my $authuser = $rpcenv->get_user();
3027
3028 my $node = extract_param($param, 'node');
3029
3030 my $vmid = extract_param($param, 'vmid');
3031
3032 my $disk = extract_param($param, 'disk');
3033
3034 my $updatefn = sub {
3035
3036 my $conf = PVE::QemuServer::load_config($vmid);
3037
3038 PVE::QemuServer::check_lock($conf);
3039
3040 die "unable to create template, because VM contains snapshots\n"
3041 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3042
3043 die "you can't convert a template to a template\n"
3044 if PVE::QemuServer::is_template($conf) && !$disk;
3045
3046 die "you can't convert a VM to template if VM is running\n"
3047 if PVE::QemuServer::check_running($vmid);
3048
3049 my $realcmd = sub {
3050 PVE::QemuServer::template_create($vmid, $conf, $disk);
3051 };
3052
3053 $conf->{template} = 1;
3054 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3055
3056 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3057 };
3058
3059 PVE::QemuServer::lock_config($vmid, $updatefn);
3060 return undef;
3061 }});
3062
3063 1;
Virtual Machine Manager