]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vncproxy: add check if VM is running
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7
8 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
9 use PVE::SafeSyslog;
10 use PVE::Tools qw(extract_param);
11 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
12 use PVE::Storage;
13 use PVE::JSONSchema qw(get_standard_option);
14 use PVE::RESTHandler;
15 use PVE::QemuServer;
16 use PVE::QemuMigrate;
17 use PVE::RPCEnvironment;
18 use PVE::AccessControl;
19 use PVE::INotify;
20 use PVE::Network;
21 use PVE::API2::Firewall::VM;
22
23 use Data::Dumper; # fixme: remove
24
25 use base qw(PVE::RESTHandler);
26
27 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
28
29 my $resolve_cdrom_alias = sub {
30 my $param = shift;
31
32 if (my $value = $param->{cdrom}) {
33 $value .= ",media=cdrom" if $value !~ m/media=/;
34 $param->{ide2} = $value;
35 delete $param->{cdrom};
36 }
37 };
38
39
40 my $check_storage_access = sub {
41 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
42
43 PVE::QemuServer::foreach_drive($settings, sub {
44 my ($ds, $drive) = @_;
45
46 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
47
48 my $volid = $drive->{file};
49
50 if (!$volid || $volid eq 'none') {
51 # nothing to check
52 } elsif ($isCDROM && ($volid eq 'cdrom')) {
53 $rpcenv->check($authuser, "/", ['Sys.Console']);
54 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
55 my ($storeid, $size) = ($2 || $default_storage, $3);
56 die "no storage ID specified (and no default storage)\n" if !$storeid;
57 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
58 } else {
59 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
60 }
61 });
62 };
63
64 my $check_storage_access_clone = sub {
65 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
66
67 my $sharedvm = 1;
68
69 PVE::QemuServer::foreach_drive($conf, sub {
70 my ($ds, $drive) = @_;
71
72 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
73
74 my $volid = $drive->{file};
75
76 return if !$volid || $volid eq 'none';
77
78 if ($isCDROM) {
79 if ($volid eq 'cdrom') {
80 $rpcenv->check($authuser, "/", ['Sys.Console']);
81 } else {
82 # we simply allow access
83 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
84 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
85 $sharedvm = 0 if !$scfg->{shared};
86
87 }
88 } else {
89 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
90 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
91 $sharedvm = 0 if !$scfg->{shared};
92
93 $sid = $storage if $storage;
94 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
95 }
96 });
97
98 return $sharedvm;
99 };
100
101 # Note: $pool is only needed when creating a VM, because pool permissions
102 # are automatically inherited if VM already exists inside a pool.
103 my $create_disks = sub {
104 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
105
106 my $vollist = [];
107
108 my $res = {};
109 PVE::QemuServer::foreach_drive($settings, sub {
110 my ($ds, $disk) = @_;
111
112 my $volid = $disk->{file};
113
114 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
115 delete $disk->{size};
116 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
117 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
118 my ($storeid, $size) = ($2 || $default_storage, $3);
119 die "no storage ID specified (and no default storage)\n" if !$storeid;
120 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
121 my $fmt = $disk->{format} || $defformat;
122 my $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
123 $fmt, undef, $size*1024*1024);
124 $disk->{file} = $volid;
125 $disk->{size} = $size*1024*1024*1024;
126 push @$vollist, $volid;
127 delete $disk->{format}; # no longer needed
128 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
129 } else {
130
131 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
132
133 my $volid_is_new = 1;
134
135 if ($conf->{$ds}) {
136 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
137 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
138 }
139
140 if ($volid_is_new) {
141
142 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
143
144 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
145
146 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
147
148 die "volume $volid does not exists\n" if !$size;
149
150 $disk->{size} = $size;
151 }
152
153 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
154 }
155 });
156
157 # free allocated images on error
158 if (my $err = $@) {
159 syslog('err', "VM $vmid creating disks failed");
160 foreach my $volid (@$vollist) {
161 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
162 warn $@ if $@;
163 }
164 die $err;
165 }
166
167 # modify vm config if everything went well
168 foreach my $ds (keys %$res) {
169 $conf->{$ds} = $res->{$ds};
170 }
171
172 return $vollist;
173 };
174
175 my $check_vm_modify_config_perm = sub {
176 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
177
178 return 1 if $authuser eq 'root@pam';
179
180 foreach my $opt (@$key_list) {
181 # disk checks need to be done somewhere else
182 next if PVE::QemuServer::valid_drivename($opt);
183
184 if ($opt eq 'sockets' || $opt eq 'cores' ||
185 $opt eq 'cpu' || $opt eq 'smp' ||
186 $opt eq 'cpulimit' || $opt eq 'cpuunits') {
187 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
188 } elsif ($opt eq 'boot' || $opt eq 'bootdisk') {
189 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
190 } elsif ($opt eq 'memory' || $opt eq 'balloon' || $opt eq 'shares') {
191 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
192 } elsif ($opt eq 'args' || $opt eq 'lock') {
193 die "only root can set '$opt' config\n";
194 } elsif ($opt eq 'cpu' || $opt eq 'kvm' || $opt eq 'acpi' || $opt eq 'machine' ||
195 $opt eq 'vga' || $opt eq 'watchdog' || $opt eq 'tablet') {
196 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
197 } elsif ($opt =~ m/^net\d+$/) {
198 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
199 } else {
200 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
201 }
202 }
203
204 return 1;
205 };
206
207 __PACKAGE__->register_method({
208 name => 'vmlist',
209 path => '',
210 method => 'GET',
211 description => "Virtual machine index (per node).",
212 permissions => {
213 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
214 user => 'all',
215 },
216 proxyto => 'node',
217 protected => 1, # qemu pid files are only readable by root
218 parameters => {
219 additionalProperties => 0,
220 properties => {
221 node => get_standard_option('pve-node'),
222 },
223 },
224 returns => {
225 type => 'array',
226 items => {
227 type => "object",
228 properties => {},
229 },
230 links => [ { rel => 'child', href => "{vmid}" } ],
231 },
232 code => sub {
233 my ($param) = @_;
234
235 my $rpcenv = PVE::RPCEnvironment::get();
236 my $authuser = $rpcenv->get_user();
237
238 my $vmstatus = PVE::QemuServer::vmstatus();
239
240 my $res = [];
241 foreach my $vmid (keys %$vmstatus) {
242 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
243
244 my $data = $vmstatus->{$vmid};
245 $data->{vmid} = $vmid;
246 push @$res, $data;
247 }
248
249 return $res;
250 }});
251
252
253
254 __PACKAGE__->register_method({
255 name => 'create_vm',
256 path => '',
257 method => 'POST',
258 description => "Create or restore a virtual machine.",
259 permissions => {
260 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
261 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
262 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
263 user => 'all', # check inside
264 },
265 protected => 1,
266 proxyto => 'node',
267 parameters => {
268 additionalProperties => 0,
269 properties => PVE::QemuServer::json_config_properties(
270 {
271 node => get_standard_option('pve-node'),
272 vmid => get_standard_option('pve-vmid'),
273 archive => {
274 description => "The backup file.",
275 type => 'string',
276 optional => 1,
277 maxLength => 255,
278 },
279 storage => get_standard_option('pve-storage-id', {
280 description => "Default storage.",
281 optional => 1,
282 }),
283 force => {
284 optional => 1,
285 type => 'boolean',
286 description => "Allow to overwrite existing VM.",
287 requires => 'archive',
288 },
289 unique => {
290 optional => 1,
291 type => 'boolean',
292 description => "Assign a unique random ethernet address.",
293 requires => 'archive',
294 },
295 pool => {
296 optional => 1,
297 type => 'string', format => 'pve-poolid',
298 description => "Add the VM to the specified pool.",
299 },
300 }),
301 },
302 returns => {
303 type => 'string',
304 },
305 code => sub {
306 my ($param) = @_;
307
308 my $rpcenv = PVE::RPCEnvironment::get();
309
310 my $authuser = $rpcenv->get_user();
311
312 my $node = extract_param($param, 'node');
313
314 my $vmid = extract_param($param, 'vmid');
315
316 my $archive = extract_param($param, 'archive');
317
318 my $storage = extract_param($param, 'storage');
319
320 my $force = extract_param($param, 'force');
321
322 my $unique = extract_param($param, 'unique');
323
324 my $pool = extract_param($param, 'pool');
325
326 my $filename = PVE::QemuServer::config_file($vmid);
327
328 my $storecfg = PVE::Storage::config();
329
330 PVE::Cluster::check_cfs_quorum();
331
332 if (defined($pool)) {
333 $rpcenv->check_pool_exist($pool);
334 }
335
336 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
337 if defined($storage);
338
339 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
340 # OK
341 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
342 # OK
343 } elsif ($archive && $force && (-f $filename) &&
344 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
345 # OK: user has VM.Backup permissions, and want to restore an existing VM
346 } else {
347 raise_perm_exc();
348 }
349
350 if (!$archive) {
351 &$resolve_cdrom_alias($param);
352
353 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
354
355 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
356
357 foreach my $opt (keys %$param) {
358 if (PVE::QemuServer::valid_drivename($opt)) {
359 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
360 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
361
362 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
363 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
364 }
365 }
366
367 PVE::QemuServer::add_random_macs($param);
368 } else {
369 my $keystr = join(' ', keys %$param);
370 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
371
372 if ($archive eq '-') {
373 die "pipe requires cli environment\n"
374 if $rpcenv->{type} ne 'cli';
375 } else {
376 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
377 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
378 }
379 }
380
381 my $restorefn = sub {
382
383 # fixme: this test does not work if VM exists on other node!
384 if (-f $filename) {
385 die "unable to restore vm $vmid: config file already exists\n"
386 if !$force;
387
388 die "unable to restore vm $vmid: vm is running\n"
389 if PVE::QemuServer::check_running($vmid);
390 }
391
392 my $realcmd = sub {
393 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
394 storage => $storage,
395 pool => $pool,
396 unique => $unique });
397
398 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
399 };
400
401 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
402 };
403
404 my $createfn = sub {
405
406 # test after locking
407 die "unable to create vm $vmid: config file already exists\n"
408 if -f $filename;
409
410 my $realcmd = sub {
411
412 my $vollist = [];
413
414 my $conf = $param;
415
416 eval {
417
418 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
419
420 # try to be smart about bootdisk
421 my @disks = PVE::QemuServer::disknames();
422 my $firstdisk;
423 foreach my $ds (reverse @disks) {
424 next if !$conf->{$ds};
425 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
426 next if PVE::QemuServer::drive_is_cdrom($disk);
427 $firstdisk = $ds;
428 }
429
430 if (!$conf->{bootdisk} && $firstdisk) {
431 $conf->{bootdisk} = $firstdisk;
432 }
433
434 PVE::QemuServer::update_config_nolock($vmid, $conf);
435
436 };
437 my $err = $@;
438
439 if ($err) {
440 foreach my $volid (@$vollist) {
441 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
442 warn $@ if $@;
443 }
444 die "create failed - $err";
445 }
446
447 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
448 };
449
450 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
451 };
452
453 return PVE::QemuServer::lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
454 }});
455
456 __PACKAGE__->register_method({
457 name => 'vmdiridx',
458 path => '{vmid}',
459 method => 'GET',
460 proxyto => 'node',
461 description => "Directory index",
462 permissions => {
463 user => 'all',
464 },
465 parameters => {
466 additionalProperties => 0,
467 properties => {
468 node => get_standard_option('pve-node'),
469 vmid => get_standard_option('pve-vmid'),
470 },
471 },
472 returns => {
473 type => 'array',
474 items => {
475 type => "object",
476 properties => {
477 subdir => { type => 'string' },
478 },
479 },
480 links => [ { rel => 'child', href => "{subdir}" } ],
481 },
482 code => sub {
483 my ($param) = @_;
484
485 my $res = [
486 { subdir => 'config' },
487 { subdir => 'status' },
488 { subdir => 'unlink' },
489 { subdir => 'vncproxy' },
490 { subdir => 'migrate' },
491 { subdir => 'resize' },
492 { subdir => 'move' },
493 { subdir => 'rrd' },
494 { subdir => 'rrddata' },
495 { subdir => 'monitor' },
496 { subdir => 'snapshot' },
497 { subdir => 'spiceproxy' },
498 { subdir => 'sendkey' },
499 { subdir => 'firewall' },
500 ];
501
502 return $res;
503 }});
504
505 __PACKAGE__->register_method ({
506 subclass => "PVE::API2::Firewall::VM",
507 path => '{vmid}/firewall',
508 });
509
510 __PACKAGE__->register_method({
511 name => 'rrd',
512 path => '{vmid}/rrd',
513 method => 'GET',
514 protected => 1, # fixme: can we avoid that?
515 permissions => {
516 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
517 },
518 description => "Read VM RRD statistics (returns PNG)",
519 parameters => {
520 additionalProperties => 0,
521 properties => {
522 node => get_standard_option('pve-node'),
523 vmid => get_standard_option('pve-vmid'),
524 timeframe => {
525 description => "Specify the time frame you are interested in.",
526 type => 'string',
527 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
528 },
529 ds => {
530 description => "The list of datasources you want to display.",
531 type => 'string', format => 'pve-configid-list',
532 },
533 cf => {
534 description => "The RRD consolidation function",
535 type => 'string',
536 enum => [ 'AVERAGE', 'MAX' ],
537 optional => 1,
538 },
539 },
540 },
541 returns => {
542 type => "object",
543 properties => {
544 filename => { type => 'string' },
545 },
546 },
547 code => sub {
548 my ($param) = @_;
549
550 return PVE::Cluster::create_rrd_graph(
551 "pve2-vm/$param->{vmid}", $param->{timeframe},
552 $param->{ds}, $param->{cf});
553
554 }});
555
556 __PACKAGE__->register_method({
557 name => 'rrddata',
558 path => '{vmid}/rrddata',
559 method => 'GET',
560 protected => 1, # fixme: can we avoid that?
561 permissions => {
562 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
563 },
564 description => "Read VM RRD statistics",
565 parameters => {
566 additionalProperties => 0,
567 properties => {
568 node => get_standard_option('pve-node'),
569 vmid => get_standard_option('pve-vmid'),
570 timeframe => {
571 description => "Specify the time frame you are interested in.",
572 type => 'string',
573 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
574 },
575 cf => {
576 description => "The RRD consolidation function",
577 type => 'string',
578 enum => [ 'AVERAGE', 'MAX' ],
579 optional => 1,
580 },
581 },
582 },
583 returns => {
584 type => "array",
585 items => {
586 type => "object",
587 properties => {},
588 },
589 },
590 code => sub {
591 my ($param) = @_;
592
593 return PVE::Cluster::create_rrd_data(
594 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
595 }});
596
597
598 __PACKAGE__->register_method({
599 name => 'vm_config',
600 path => '{vmid}/config',
601 method => 'GET',
602 proxyto => 'node',
603 description => "Get virtual machine configuration.",
604 permissions => {
605 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
606 },
607 parameters => {
608 additionalProperties => 0,
609 properties => {
610 node => get_standard_option('pve-node'),
611 vmid => get_standard_option('pve-vmid'),
612 },
613 },
614 returns => {
615 type => "object",
616 properties => {
617 digest => {
618 type => 'string',
619 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
620 }
621 },
622 },
623 code => sub {
624 my ($param) = @_;
625
626 my $conf = PVE::QemuServer::load_config($param->{vmid});
627
628 delete $conf->{snapshots};
629
630 return $conf;
631 }});
632
633 my $vm_is_volid_owner = sub {
634 my ($storecfg, $vmid, $volid) =@_;
635
636 if ($volid !~ m|^/|) {
637 my ($path, $owner);
638 eval { ($path, $owner) = PVE::Storage::path($storecfg, $volid); };
639 if ($owner && ($owner == $vmid)) {
640 return 1;
641 }
642 }
643
644 return undef;
645 };
646
647 my $test_deallocate_drive = sub {
648 my ($storecfg, $vmid, $key, $drive, $force) = @_;
649
650 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
651 my $volid = $drive->{file};
652 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
653 if ($force || $key =~ m/^unused/) {
654 my $sid = PVE::Storage::parse_volume_id($volid);
655 return $sid;
656 }
657 }
658 }
659
660 return undef;
661 };
662
663 my $delete_drive = sub {
664 my ($conf, $storecfg, $vmid, $key, $drive, $force) = @_;
665
666 if (!PVE::QemuServer::drive_is_cdrom($drive)) {
667 my $volid = $drive->{file};
668
669 if (&$vm_is_volid_owner($storecfg, $vmid, $volid)) {
670 if ($force || $key =~ m/^unused/) {
671 eval {
672 # check if the disk is really unused
673 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, $key);
674 my $path = PVE::Storage::path($storecfg, $volid);
675
676 die "unable to delete '$volid' - volume is still in use (snapshot?)\n"
677 if $used_paths->{$path};
678
679 PVE::Storage::vdisk_free($storecfg, $volid);
680 };
681 die $@ if $@;
682 } else {
683 PVE::QemuServer::add_unused_volume($conf, $volid, $vmid);
684 }
685 }
686 }
687
688 delete $conf->{$key};
689 };
690
691 my $vmconfig_delete_option = sub {
692 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force) = @_;
693
694 return if !defined($conf->{$opt});
695
696 my $isDisk = PVE::QemuServer::valid_drivename($opt)|| ($opt =~ m/^unused/);
697
698 if ($isDisk) {
699 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
700
701 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
702 if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
703 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
704 }
705 }
706
707 my $unplugwarning = "";
708 if ($conf->{ostype} && $conf->{ostype} eq 'l26') {
709 $unplugwarning = "<br>verify that you have acpiphp && pci_hotplug modules loaded in your guest VM";
710 } elsif ($conf->{ostype} && $conf->{ostype} eq 'l24') {
711 $unplugwarning = "<br>kernel 2.4 don't support hotplug, please disable hotplug in options";
712 } elsif (!$conf->{ostype} || ($conf->{ostype} && $conf->{ostype} eq 'other')) {
713 $unplugwarning = "<br>verify that your guest support acpi hotplug";
714 }
715
716 if ($opt eq 'tablet') {
717 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
718 } else {
719 die "error hot-unplug $opt $unplugwarning" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
720 }
721
722 if ($isDisk) {
723 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
724 &$delete_drive($conf, $storecfg, $vmid, $opt, $drive, $force);
725 } else {
726 delete $conf->{$opt};
727 }
728
729 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
730 };
731
732 my $safe_num_ne = sub {
733 my ($a, $b) = @_;
734
735 return 0 if !defined($a) && !defined($b);
736 return 1 if !defined($a);
737 return 1 if !defined($b);
738
739 return $a != $b;
740 };
741
742 my $vmconfig_update_disk = sub {
743 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value, $force) = @_;
744
745 my $drive = PVE::QemuServer::parse_drive($opt, $value);
746
747 if (PVE::QemuServer::drive_is_cdrom($drive)) { #cdrom
748 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
749 } else {
750 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
751 }
752
753 if ($conf->{$opt}) {
754
755 if (my $old_drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt})) {
756
757 my $media = $drive->{media} || 'disk';
758 my $oldmedia = $old_drive->{media} || 'disk';
759 die "unable to change media type\n" if $media ne $oldmedia;
760
761 if (!PVE::QemuServer::drive_is_cdrom($old_drive) &&
762 ($drive->{file} ne $old_drive->{file})) { # delete old disks
763
764 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
765 $conf = PVE::QemuServer::load_config($vmid); # update/reload
766 }
767
768 if(&$safe_num_ne($drive->{mbps}, $old_drive->{mbps}) ||
769 &$safe_num_ne($drive->{mbps_rd}, $old_drive->{mbps_rd}) ||
770 &$safe_num_ne($drive->{mbps_wr}, $old_drive->{mbps_wr}) ||
771 &$safe_num_ne($drive->{iops}, $old_drive->{iops}) ||
772 &$safe_num_ne($drive->{iops_rd}, $old_drive->{iops_rd}) ||
773 &$safe_num_ne($drive->{iops_wr}, $old_drive->{iops_wr}) ||
774 &$safe_num_ne($drive->{mbps_max}, $old_drive->{mbps_max}) ||
775 &$safe_num_ne($drive->{mbps_rd_max}, $old_drive->{mbps_rd_max}) ||
776 &$safe_num_ne($drive->{mbps_wr_max}, $old_drive->{mbps_wr_max}) ||
777 &$safe_num_ne($drive->{iops_max}, $old_drive->{iops_max}) ||
778 &$safe_num_ne($drive->{iops_rd_max}, $old_drive->{iops_rd_max}) ||
779 &$safe_num_ne($drive->{iops_wr_max}, $old_drive->{iops_wr_max})) {
780 PVE::QemuServer::qemu_block_set_io_throttle($vmid,"drive-$opt",
781 ($drive->{mbps} || 0)*1024*1024,
782 ($drive->{mbps_rd} || 0)*1024*1024,
783 ($drive->{mbps_wr} || 0)*1024*1024,
784 $drive->{iops} || 0,
785 $drive->{iops_rd} || 0,
786 $drive->{iops_wr} || 0,
787 ($drive->{mbps_max} || 0)*1024*1024,
788 ($drive->{mbps_rd_max} || 0)*1024*1024,
789 ($drive->{mbps_wr_max} || 0)*1024*1024,
790 $drive->{iops_max} || 0,
791 $drive->{iops_rd_max} || 0,
792 $drive->{iops_wr_max} || 0)
793 if !PVE::QemuServer::drive_is_cdrom($drive);
794 }
795 }
796 }
797
798 &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, undef, {$opt => $value});
799 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
800
801 $conf = PVE::QemuServer::load_config($vmid); # update/reload
802 $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
803
804 if (PVE::QemuServer::drive_is_cdrom($drive)) { # cdrom
805
806 if (PVE::QemuServer::check_running($vmid)) {
807 if ($drive->{file} eq 'none') {
808 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt");
809 } else {
810 my $path = PVE::QemuServer::get_iso_path($storecfg, $vmid, $drive->{file});
811 PVE::QemuServer::vm_mon_cmd($vmid, "eject",force => JSON::true,device => "drive-$opt"); #force eject if locked
812 PVE::QemuServer::vm_mon_cmd($vmid, "change",device => "drive-$opt",target => "$path") if $path;
813 }
814 }
815
816 } else { # hotplug new disks
817
818 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $drive);
819 }
820 };
821
822 my $vmconfig_update_net = sub {
823 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $value) = @_;
824
825 if ($conf->{$opt} && PVE::QemuServer::check_running($vmid)) {
826 my $oldnet = PVE::QemuServer::parse_net($conf->{$opt});
827 my $newnet = PVE::QemuServer::parse_net($value);
828
829 if($oldnet->{model} ne $newnet->{model}){
830 #if model change, we try to hot-unplug
831 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
832 }else{
833
834 if($newnet->{bridge} && $oldnet->{bridge}){
835 my $iface = "tap".$vmid."i".$1 if $opt =~ m/net(\d+)/;
836
837 if($newnet->{rate} ne $oldnet->{rate}){
838 PVE::Network::tap_rate_limit($iface, $newnet->{rate});
839 }
840
841 if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
842 PVE::Network::tap_unplug($iface);
843 PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
844 }
845
846 }else{
847 #if bridge/nat mode change, we try to hot-unplug
848 die "error hot-unplug $opt for update" if !PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
849 }
850 }
851
852 }
853 $conf->{$opt} = $value;
854 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
855 $conf = PVE::QemuServer::load_config($vmid); # update/reload
856
857 my $net = PVE::QemuServer::parse_net($conf->{$opt});
858
859 die "error hotplug $opt" if !PVE::QemuServer::vm_deviceplug($storecfg, $conf, $vmid, $opt, $net);
860 };
861
862 # POST/PUT {vmid}/config implementation
863 #
864 # The original API used PUT (idempotent) an we assumed that all operations
865 # are fast. But it turned out that almost any configuration change can
866 # involve hot-plug actions, or disk alloc/free. Such actions can take long
867 # time to complete and have side effects (not idempotent).
868 #
869 # The new implementation uses POST and forks a worker process. We added
870 # a new option 'background_delay'. If specified we wait up to
871 # 'background_delay' second for the worker task to complete. It returns null
872 # if the task is finished within that time, else we return the UPID.
873
874 my $update_vm_api = sub {
875 my ($param, $sync) = @_;
876
877 my $rpcenv = PVE::RPCEnvironment::get();
878
879 my $authuser = $rpcenv->get_user();
880
881 my $node = extract_param($param, 'node');
882
883 my $vmid = extract_param($param, 'vmid');
884
885 my $digest = extract_param($param, 'digest');
886
887 my $background_delay = extract_param($param, 'background_delay');
888
889 my @paramarr = (); # used for log message
890 foreach my $key (keys %$param) {
891 push @paramarr, "-$key", $param->{$key};
892 }
893
894 my $skiplock = extract_param($param, 'skiplock');
895 raise_param_exc({ skiplock => "Only root may use this option." })
896 if $skiplock && $authuser ne 'root@pam';
897
898 my $delete_str = extract_param($param, 'delete');
899
900 my $force = extract_param($param, 'force');
901
902 die "no options specified\n" if !$delete_str && !scalar(keys %$param);
903
904 my $storecfg = PVE::Storage::config();
905
906 my $defaults = PVE::QemuServer::load_defaults();
907
908 &$resolve_cdrom_alias($param);
909
910 # now try to verify all parameters
911
912 my @delete = ();
913 foreach my $opt (PVE::Tools::split_list($delete_str)) {
914 $opt = 'ide2' if $opt eq 'cdrom';
915 raise_param_exc({ delete => "you can't use '-$opt' and " .
916 "-delete $opt' at the same time" })
917 if defined($param->{$opt});
918
919 if (!PVE::QemuServer::option_exists($opt)) {
920 raise_param_exc({ delete => "unknown option '$opt'" });
921 }
922
923 push @delete, $opt;
924 }
925
926 foreach my $opt (keys %$param) {
927 if (PVE::QemuServer::valid_drivename($opt)) {
928 # cleanup drive path
929 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
930 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
931 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
932 } elsif ($opt =~ m/^net(\d+)$/) {
933 # add macaddr
934 my $net = PVE::QemuServer::parse_net($param->{$opt});
935 $param->{$opt} = PVE::QemuServer::print_net($net);
936 }
937 }
938
939 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
940
941 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
942
943 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
944
945 my $updatefn = sub {
946
947 my $conf = PVE::QemuServer::load_config($vmid);
948
949 die "checksum missmatch (file change by other user?)\n"
950 if $digest && $digest ne $conf->{digest};
951
952 PVE::QemuServer::check_lock($conf) if !$skiplock;
953
954 if ($param->{memory} || defined($param->{balloon})) {
955 my $maxmem = $param->{memory} || $conf->{memory} || $defaults->{memory};
956 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{balloon};
957
958 die "balloon value too large (must be smaller than assigned memory)\n"
959 if $balloon && $balloon > $maxmem;
960 }
961
962 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
963
964 my $worker = sub {
965
966 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
967
968 foreach my $opt (@delete) { # delete
969 $conf = PVE::QemuServer::load_config($vmid); # update/reload
970 &$vmconfig_delete_option($rpcenv, $authuser, $conf, $storecfg, $vmid, $opt, $force);
971 }
972
973 my $running = PVE::QemuServer::check_running($vmid);
974
975 foreach my $opt (keys %$param) { # add/change
976
977 $conf = PVE::QemuServer::load_config($vmid); # update/reload
978
979 next if $conf->{$opt} && ($param->{$opt} eq $conf->{$opt}); # skip if nothing changed
980
981 if (PVE::QemuServer::valid_drivename($opt)) {
982
983 &$vmconfig_update_disk($rpcenv, $authuser, $conf, $storecfg, $vmid,
984 $opt, $param->{$opt}, $force);
985
986 } elsif ($opt =~ m/^net(\d+)$/) { #nics
987
988 &$vmconfig_update_net($rpcenv, $authuser, $conf, $storecfg, $vmid,
989 $opt, $param->{$opt});
990
991 } else {
992
993 if($opt eq 'tablet' && $param->{$opt} == 1){
994 PVE::QemuServer::vm_deviceplug(undef, $conf, $vmid, $opt);
995 } elsif($opt eq 'tablet' && $param->{$opt} == 0){
996 PVE::QemuServer::vm_deviceunplug($vmid, $conf, $opt);
997 }
998
999 if($opt eq 'cores' && $conf->{maxcpus}){
1000 PVE::QemuServer::qemu_cpu_hotplug($vmid, $conf, $param->{$opt});
1001 }
1002
1003 $conf->{$opt} = $param->{$opt};
1004 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
1005 }
1006 }
1007
1008 # allow manual ballooning if shares is set to zero
1009 if ($running && defined($param->{balloon}) &&
1010 defined($conf->{shares}) && ($conf->{shares} == 0)) {
1011 my $balloon = $param->{'balloon'} || $conf->{memory} || $defaults->{memory};
1012 PVE::QemuServer::vm_mon_cmd($vmid, "balloon", value => $balloon*1024*1024);
1013 }
1014 };
1015
1016 if ($sync) {
1017 &$worker();
1018 return undef;
1019 } else {
1020 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1021
1022 if ($background_delay) {
1023
1024 # Note: It would be better to do that in the Event based HTTPServer
1025 # to avoid blocking call to sleep.
1026
1027 my $end_time = time() + $background_delay;
1028
1029 my $task = PVE::Tools::upid_decode($upid);
1030
1031 my $running = 1;
1032 while (time() < $end_time) {
1033 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1034 last if !$running;
1035 sleep(1); # this gets interrupted when child process ends
1036 }
1037
1038 if (!$running) {
1039 my $status = PVE::Tools::upid_read_status($upid);
1040 return undef if $status eq 'OK';
1041 die $status;
1042 }
1043 }
1044
1045 return $upid;
1046 }
1047 };
1048
1049 return PVE::QemuServer::lock_config($vmid, $updatefn);
1050 };
1051
1052 my $vm_config_perm_list = [
1053 'VM.Config.Disk',
1054 'VM.Config.CDROM',
1055 'VM.Config.CPU',
1056 'VM.Config.Memory',
1057 'VM.Config.Network',
1058 'VM.Config.HWType',
1059 'VM.Config.Options',
1060 ];
1061
1062 __PACKAGE__->register_method({
1063 name => 'update_vm_async',
1064 path => '{vmid}/config',
1065 method => 'POST',
1066 protected => 1,
1067 proxyto => 'node',
1068 description => "Set virtual machine options (asynchrounous API).",
1069 permissions => {
1070 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1071 },
1072 parameters => {
1073 additionalProperties => 0,
1074 properties => PVE::QemuServer::json_config_properties(
1075 {
1076 node => get_standard_option('pve-node'),
1077 vmid => get_standard_option('pve-vmid'),
1078 skiplock => get_standard_option('skiplock'),
1079 delete => {
1080 type => 'string', format => 'pve-configid-list',
1081 description => "A list of settings you want to delete.",
1082 optional => 1,
1083 },
1084 force => {
1085 type => 'boolean',
1086 description => $opt_force_description,
1087 optional => 1,
1088 requires => 'delete',
1089 },
1090 digest => {
1091 type => 'string',
1092 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1093 maxLength => 40,
1094 optional => 1,
1095 },
1096 background_delay => {
1097 type => 'integer',
1098 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1099 minimum => 1,
1100 maximum => 30,
1101 optional => 1,
1102 },
1103 }),
1104 },
1105 returns => {
1106 type => 'string',
1107 optional => 1,
1108 },
1109 code => $update_vm_api,
1110 });
1111
1112 __PACKAGE__->register_method({
1113 name => 'update_vm',
1114 path => '{vmid}/config',
1115 method => 'PUT',
1116 protected => 1,
1117 proxyto => 'node',
1118 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1119 permissions => {
1120 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1121 },
1122 parameters => {
1123 additionalProperties => 0,
1124 properties => PVE::QemuServer::json_config_properties(
1125 {
1126 node => get_standard_option('pve-node'),
1127 vmid => get_standard_option('pve-vmid'),
1128 skiplock => get_standard_option('skiplock'),
1129 delete => {
1130 type => 'string', format => 'pve-configid-list',
1131 description => "A list of settings you want to delete.",
1132 optional => 1,
1133 },
1134 force => {
1135 type => 'boolean',
1136 description => $opt_force_description,
1137 optional => 1,
1138 requires => 'delete',
1139 },
1140 digest => {
1141 type => 'string',
1142 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1143 maxLength => 40,
1144 optional => 1,
1145 },
1146 }),
1147 },
1148 returns => { type => 'null' },
1149 code => sub {
1150 my ($param) = @_;
1151 &$update_vm_api($param, 1);
1152 return undef;
1153 }
1154 });
1155
1156
1157 __PACKAGE__->register_method({
1158 name => 'destroy_vm',
1159 path => '{vmid}',
1160 method => 'DELETE',
1161 protected => 1,
1162 proxyto => 'node',
1163 description => "Destroy the vm (also delete all used/owned volumes).",
1164 permissions => {
1165 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1166 },
1167 parameters => {
1168 additionalProperties => 0,
1169 properties => {
1170 node => get_standard_option('pve-node'),
1171 vmid => get_standard_option('pve-vmid'),
1172 skiplock => get_standard_option('skiplock'),
1173 },
1174 },
1175 returns => {
1176 type => 'string',
1177 },
1178 code => sub {
1179 my ($param) = @_;
1180
1181 my $rpcenv = PVE::RPCEnvironment::get();
1182
1183 my $authuser = $rpcenv->get_user();
1184
1185 my $vmid = $param->{vmid};
1186
1187 my $skiplock = $param->{skiplock};
1188 raise_param_exc({ skiplock => "Only root may use this option." })
1189 if $skiplock && $authuser ne 'root@pam';
1190
1191 # test if VM exists
1192 my $conf = PVE::QemuServer::load_config($vmid);
1193
1194 my $storecfg = PVE::Storage::config();
1195
1196 my $delVMfromPoolFn = sub {
1197 my $usercfg = cfs_read_file("user.cfg");
1198 if (my $pool = $usercfg->{vms}->{$vmid}) {
1199 if (my $data = $usercfg->{pools}->{$pool}) {
1200 delete $data->{vms}->{$vmid};
1201 delete $usercfg->{vms}->{$vmid};
1202 cfs_write_file("user.cfg", $usercfg);
1203 }
1204 }
1205 };
1206
1207 my $realcmd = sub {
1208 my $upid = shift;
1209
1210 syslog('info', "destroy VM $vmid: $upid\n");
1211
1212 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1213
1214 PVE::AccessControl::remove_vm_from_pool($vmid);
1215 };
1216
1217 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1218 }});
1219
1220 __PACKAGE__->register_method({
1221 name => 'unlink',
1222 path => '{vmid}/unlink',
1223 method => 'PUT',
1224 protected => 1,
1225 proxyto => 'node',
1226 description => "Unlink/delete disk images.",
1227 permissions => {
1228 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1229 },
1230 parameters => {
1231 additionalProperties => 0,
1232 properties => {
1233 node => get_standard_option('pve-node'),
1234 vmid => get_standard_option('pve-vmid'),
1235 idlist => {
1236 type => 'string', format => 'pve-configid-list',
1237 description => "A list of disk IDs you want to delete.",
1238 },
1239 force => {
1240 type => 'boolean',
1241 description => $opt_force_description,
1242 optional => 1,
1243 },
1244 },
1245 },
1246 returns => { type => 'null'},
1247 code => sub {
1248 my ($param) = @_;
1249
1250 $param->{delete} = extract_param($param, 'idlist');
1251
1252 __PACKAGE__->update_vm($param);
1253
1254 return undef;
1255 }});
1256
1257 my $sslcert;
1258
1259 __PACKAGE__->register_method({
1260 name => 'vncproxy',
1261 path => '{vmid}/vncproxy',
1262 method => 'POST',
1263 protected => 1,
1264 permissions => {
1265 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1266 },
1267 description => "Creates a TCP VNC proxy connections.",
1268 parameters => {
1269 additionalProperties => 0,
1270 properties => {
1271 node => get_standard_option('pve-node'),
1272 vmid => get_standard_option('pve-vmid'),
1273 websocket => {
1274 optional => 1,
1275 type => 'boolean',
1276 description => "starts websockify instead of vncproxy",
1277 },
1278 },
1279 },
1280 returns => {
1281 additionalProperties => 0,
1282 properties => {
1283 user => { type => 'string' },
1284 ticket => { type => 'string' },
1285 cert => { type => 'string' },
1286 port => { type => 'integer' },
1287 upid => { type => 'string' },
1288 },
1289 },
1290 code => sub {
1291 my ($param) = @_;
1292
1293 my $rpcenv = PVE::RPCEnvironment::get();
1294
1295 my $authuser = $rpcenv->get_user();
1296
1297 my $vmid = $param->{vmid};
1298 my $node = $param->{node};
1299 my $websocket = $param->{websocket};
1300
1301 my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
1302
1303 my $authpath = "/vms/$vmid";
1304
1305 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1306
1307 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1308 if !$sslcert;
1309
1310 my $port = PVE::Tools::next_vnc_port();
1311
1312 my $remip;
1313 my $remcmd = [];
1314
1315 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1316 $remip = PVE::Cluster::remote_node_ip($node);
1317 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1318 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1319 }
1320
1321 my $timeout = 10;
1322
1323 my $realcmd = sub {
1324 my $upid = shift;
1325
1326 syslog('info', "starting vnc proxy $upid\n");
1327
1328 my $cmd;
1329
1330 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1331
1332 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1333
1334 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1335 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1336 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1337 '-timeout', $timeout, '-authpath', $authpath,
1338 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1339 } else {
1340
1341 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1342
1343 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1344
1345 my $qmstr = join(' ', @$qmcmd);
1346
1347 # also redirect stderr (else we get RFB protocol errors)
1348 $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
1349 }
1350
1351 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1352
1353 PVE::Tools::run_command($cmd);
1354
1355 return;
1356 };
1357
1358 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1359
1360 PVE::Tools::wait_for_vnc_port($port);
1361
1362 return {
1363 user => $authuser,
1364 ticket => $ticket,
1365 port => $port,
1366 upid => $upid,
1367 cert => $sslcert,
1368 };
1369 }});
1370
1371 __PACKAGE__->register_method({
1372 name => 'vncwebsocket',
1373 path => '{vmid}/vncwebsocket',
1374 method => 'GET',
1375 permissions => {
1376 description => "You also need to pass a valid ticket (vncticket).",
1377 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1378 },
1379 description => "Opens a weksocket for VNC traffic.",
1380 parameters => {
1381 additionalProperties => 0,
1382 properties => {
1383 node => get_standard_option('pve-node'),
1384 vmid => get_standard_option('pve-vmid'),
1385 vncticket => {
1386 description => "Ticket from previous call to vncproxy.",
1387 type => 'string',
1388 maxLength => 512,
1389 },
1390 port => {
1391 description => "Port number returned by previous vncproxy call.",
1392 type => 'integer',
1393 minimum => 5900,
1394 maximum => 5999,
1395 },
1396 },
1397 },
1398 returns => {
1399 type => "object",
1400 properties => {
1401 port => { type => 'string' },
1402 },
1403 },
1404 code => sub {
1405 my ($param) = @_;
1406
1407 my $rpcenv = PVE::RPCEnvironment::get();
1408
1409 my $authuser = $rpcenv->get_user();
1410
1411 my $vmid = $param->{vmid};
1412 my $node = $param->{node};
1413
1414 my $authpath = "/vms/$vmid";
1415
1416 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1417
1418 my $conf = PVE::QemuServer::load_config($vmid, $node); # VM exists ?
1419
1420 # Note: VNC ports are acessible from outside, so we do not gain any
1421 # security if we verify that $param->{port} belongs to VM $vmid. This
1422 # check is done by verifying the VNC ticket (inside VNC protocol).
1423
1424 my $port = $param->{port};
1425
1426 return { port => $port };
1427 }});
1428
1429 __PACKAGE__->register_method({
1430 name => 'spiceproxy',
1431 path => '{vmid}/spiceproxy',
1432 method => 'POST',
1433 protected => 1,
1434 proxyto => 'node',
1435 permissions => {
1436 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1437 },
1438 description => "Returns a SPICE configuration to connect to the VM.",
1439 parameters => {
1440 additionalProperties => 0,
1441 properties => {
1442 node => get_standard_option('pve-node'),
1443 vmid => get_standard_option('pve-vmid'),
1444 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1445 },
1446 },
1447 returns => get_standard_option('remote-viewer-config'),
1448 code => sub {
1449 my ($param) = @_;
1450
1451 my $rpcenv = PVE::RPCEnvironment::get();
1452
1453 my $authuser = $rpcenv->get_user();
1454
1455 my $vmid = $param->{vmid};
1456 my $node = $param->{node};
1457 my $proxy = $param->{proxy};
1458
1459 my $conf = PVE::QemuServer::load_config($vmid, $node);
1460 my $title = "VM $vmid - $conf->{'name'}",
1461
1462 my $port = PVE::QemuServer::spice_port($vmid);
1463
1464 my ($ticket, undef, $remote_viewer_config) =
1465 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1466
1467 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1468 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1469
1470 return $remote_viewer_config;
1471 }});
1472
1473 __PACKAGE__->register_method({
1474 name => 'vmcmdidx',
1475 path => '{vmid}/status',
1476 method => 'GET',
1477 proxyto => 'node',
1478 description => "Directory index",
1479 permissions => {
1480 user => 'all',
1481 },
1482 parameters => {
1483 additionalProperties => 0,
1484 properties => {
1485 node => get_standard_option('pve-node'),
1486 vmid => get_standard_option('pve-vmid'),
1487 },
1488 },
1489 returns => {
1490 type => 'array',
1491 items => {
1492 type => "object",
1493 properties => {
1494 subdir => { type => 'string' },
1495 },
1496 },
1497 links => [ { rel => 'child', href => "{subdir}" } ],
1498 },
1499 code => sub {
1500 my ($param) = @_;
1501
1502 # test if VM exists
1503 my $conf = PVE::QemuServer::load_config($param->{vmid});
1504
1505 my $res = [
1506 { subdir => 'current' },
1507 { subdir => 'start' },
1508 { subdir => 'stop' },
1509 ];
1510
1511 return $res;
1512 }});
1513
1514 my $vm_is_ha_managed = sub {
1515 my ($vmid) = @_;
1516
1517 my $cc = PVE::Cluster::cfs_read_file('cluster.conf');
1518 if (PVE::Cluster::cluster_conf_lookup_pvevm($cc, 0, $vmid, 1)) {
1519 return 1;
1520 }
1521 return 0;
1522 };
1523
1524 __PACKAGE__->register_method({
1525 name => 'vm_status',
1526 path => '{vmid}/status/current',
1527 method => 'GET',
1528 proxyto => 'node',
1529 protected => 1, # qemu pid files are only readable by root
1530 description => "Get virtual machine status.",
1531 permissions => {
1532 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1533 },
1534 parameters => {
1535 additionalProperties => 0,
1536 properties => {
1537 node => get_standard_option('pve-node'),
1538 vmid => get_standard_option('pve-vmid'),
1539 },
1540 },
1541 returns => { type => 'object' },
1542 code => sub {
1543 my ($param) = @_;
1544
1545 # test if VM exists
1546 my $conf = PVE::QemuServer::load_config($param->{vmid});
1547
1548 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1549 my $status = $vmstatus->{$param->{vmid}};
1550
1551 $status->{ha} = &$vm_is_ha_managed($param->{vmid});
1552
1553 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1554
1555 return $status;
1556 }});
1557
1558 __PACKAGE__->register_method({
1559 name => 'vm_start',
1560 path => '{vmid}/status/start',
1561 method => 'POST',
1562 protected => 1,
1563 proxyto => 'node',
1564 description => "Start virtual machine.",
1565 permissions => {
1566 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1567 },
1568 parameters => {
1569 additionalProperties => 0,
1570 properties => {
1571 node => get_standard_option('pve-node'),
1572 vmid => get_standard_option('pve-vmid'),
1573 skiplock => get_standard_option('skiplock'),
1574 stateuri => get_standard_option('pve-qm-stateuri'),
1575 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1576 machine => get_standard_option('pve-qm-machine'),
1577 },
1578 },
1579 returns => {
1580 type => 'string',
1581 },
1582 code => sub {
1583 my ($param) = @_;
1584
1585 my $rpcenv = PVE::RPCEnvironment::get();
1586
1587 my $authuser = $rpcenv->get_user();
1588
1589 my $node = extract_param($param, 'node');
1590
1591 my $vmid = extract_param($param, 'vmid');
1592
1593 my $machine = extract_param($param, 'machine');
1594
1595 my $stateuri = extract_param($param, 'stateuri');
1596 raise_param_exc({ stateuri => "Only root may use this option." })
1597 if $stateuri && $authuser ne 'root@pam';
1598
1599 my $skiplock = extract_param($param, 'skiplock');
1600 raise_param_exc({ skiplock => "Only root may use this option." })
1601 if $skiplock && $authuser ne 'root@pam';
1602
1603 my $migratedfrom = extract_param($param, 'migratedfrom');
1604 raise_param_exc({ migratedfrom => "Only root may use this option." })
1605 if $migratedfrom && $authuser ne 'root@pam';
1606
1607 # read spice ticket from STDIN
1608 my $spice_ticket;
1609 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1610 if (defined(my $line = <>)) {
1611 chomp $line;
1612 $spice_ticket = $line;
1613 }
1614 }
1615
1616 my $storecfg = PVE::Storage::config();
1617
1618 if (&$vm_is_ha_managed($vmid) && !$stateuri &&
1619 $rpcenv->{type} ne 'ha') {
1620
1621 my $hacmd = sub {
1622 my $upid = shift;
1623
1624 my $service = "pvevm:$vmid";
1625
1626 my $cmd = ['clusvcadm', '-e', $service, '-m', $node];
1627
1628 print "Executing HA start for VM $vmid\n";
1629
1630 PVE::Tools::run_command($cmd);
1631
1632 return;
1633 };
1634
1635 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1636
1637 } else {
1638
1639 my $realcmd = sub {
1640 my $upid = shift;
1641
1642 syslog('info', "start VM $vmid: $upid\n");
1643
1644 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1645 $machine, $spice_ticket);
1646
1647 return;
1648 };
1649
1650 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1651 }
1652 }});
1653
1654 __PACKAGE__->register_method({
1655 name => 'vm_stop',
1656 path => '{vmid}/status/stop',
1657 method => 'POST',
1658 protected => 1,
1659 proxyto => 'node',
1660 description => "Stop virtual machine.",
1661 permissions => {
1662 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1663 },
1664 parameters => {
1665 additionalProperties => 0,
1666 properties => {
1667 node => get_standard_option('pve-node'),
1668 vmid => get_standard_option('pve-vmid'),
1669 skiplock => get_standard_option('skiplock'),
1670 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1671 timeout => {
1672 description => "Wait maximal timeout seconds.",
1673 type => 'integer',
1674 minimum => 0,
1675 optional => 1,
1676 },
1677 keepActive => {
1678 description => "Do not decativate storage volumes.",
1679 type => 'boolean',
1680 optional => 1,
1681 default => 0,
1682 }
1683 },
1684 },
1685 returns => {
1686 type => 'string',
1687 },
1688 code => sub {
1689 my ($param) = @_;
1690
1691 my $rpcenv = PVE::RPCEnvironment::get();
1692
1693 my $authuser = $rpcenv->get_user();
1694
1695 my $node = extract_param($param, 'node');
1696
1697 my $vmid = extract_param($param, 'vmid');
1698
1699 my $skiplock = extract_param($param, 'skiplock');
1700 raise_param_exc({ skiplock => "Only root may use this option." })
1701 if $skiplock && $authuser ne 'root@pam';
1702
1703 my $keepActive = extract_param($param, 'keepActive');
1704 raise_param_exc({ keepActive => "Only root may use this option." })
1705 if $keepActive && $authuser ne 'root@pam';
1706
1707 my $migratedfrom = extract_param($param, 'migratedfrom');
1708 raise_param_exc({ migratedfrom => "Only root may use this option." })
1709 if $migratedfrom && $authuser ne 'root@pam';
1710
1711
1712 my $storecfg = PVE::Storage::config();
1713
1714 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
1715
1716 my $hacmd = sub {
1717 my $upid = shift;
1718
1719 my $service = "pvevm:$vmid";
1720
1721 my $cmd = ['clusvcadm', '-d', $service];
1722
1723 print "Executing HA stop for VM $vmid\n";
1724
1725 PVE::Tools::run_command($cmd);
1726
1727 return;
1728 };
1729
1730 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1731
1732 } else {
1733 my $realcmd = sub {
1734 my $upid = shift;
1735
1736 syslog('info', "stop VM $vmid: $upid\n");
1737
1738 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1739 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1740
1741 return;
1742 };
1743
1744 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1745 }
1746 }});
1747
1748 __PACKAGE__->register_method({
1749 name => 'vm_reset',
1750 path => '{vmid}/status/reset',
1751 method => 'POST',
1752 protected => 1,
1753 proxyto => 'node',
1754 description => "Reset virtual machine.",
1755 permissions => {
1756 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1757 },
1758 parameters => {
1759 additionalProperties => 0,
1760 properties => {
1761 node => get_standard_option('pve-node'),
1762 vmid => get_standard_option('pve-vmid'),
1763 skiplock => get_standard_option('skiplock'),
1764 },
1765 },
1766 returns => {
1767 type => 'string',
1768 },
1769 code => sub {
1770 my ($param) = @_;
1771
1772 my $rpcenv = PVE::RPCEnvironment::get();
1773
1774 my $authuser = $rpcenv->get_user();
1775
1776 my $node = extract_param($param, 'node');
1777
1778 my $vmid = extract_param($param, 'vmid');
1779
1780 my $skiplock = extract_param($param, 'skiplock');
1781 raise_param_exc({ skiplock => "Only root may use this option." })
1782 if $skiplock && $authuser ne 'root@pam';
1783
1784 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1785
1786 my $realcmd = sub {
1787 my $upid = shift;
1788
1789 PVE::QemuServer::vm_reset($vmid, $skiplock);
1790
1791 return;
1792 };
1793
1794 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1795 }});
1796
1797 __PACKAGE__->register_method({
1798 name => 'vm_shutdown',
1799 path => '{vmid}/status/shutdown',
1800 method => 'POST',
1801 protected => 1,
1802 proxyto => 'node',
1803 description => "Shutdown virtual machine.",
1804 permissions => {
1805 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1806 },
1807 parameters => {
1808 additionalProperties => 0,
1809 properties => {
1810 node => get_standard_option('pve-node'),
1811 vmid => get_standard_option('pve-vmid'),
1812 skiplock => get_standard_option('skiplock'),
1813 timeout => {
1814 description => "Wait maximal timeout seconds.",
1815 type => 'integer',
1816 minimum => 0,
1817 optional => 1,
1818 },
1819 forceStop => {
1820 description => "Make sure the VM stops.",
1821 type => 'boolean',
1822 optional => 1,
1823 default => 0,
1824 },
1825 keepActive => {
1826 description => "Do not decativate storage volumes.",
1827 type => 'boolean',
1828 optional => 1,
1829 default => 0,
1830 }
1831 },
1832 },
1833 returns => {
1834 type => 'string',
1835 },
1836 code => sub {
1837 my ($param) = @_;
1838
1839 my $rpcenv = PVE::RPCEnvironment::get();
1840
1841 my $authuser = $rpcenv->get_user();
1842
1843 my $node = extract_param($param, 'node');
1844
1845 my $vmid = extract_param($param, 'vmid');
1846
1847 my $skiplock = extract_param($param, 'skiplock');
1848 raise_param_exc({ skiplock => "Only root may use this option." })
1849 if $skiplock && $authuser ne 'root@pam';
1850
1851 my $keepActive = extract_param($param, 'keepActive');
1852 raise_param_exc({ keepActive => "Only root may use this option." })
1853 if $keepActive && $authuser ne 'root@pam';
1854
1855 my $storecfg = PVE::Storage::config();
1856
1857 my $realcmd = sub {
1858 my $upid = shift;
1859
1860 syslog('info', "shutdown VM $vmid: $upid\n");
1861
1862 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1863 1, $param->{forceStop}, $keepActive);
1864
1865 return;
1866 };
1867
1868 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1869 }});
1870
1871 __PACKAGE__->register_method({
1872 name => 'vm_suspend',
1873 path => '{vmid}/status/suspend',
1874 method => 'POST',
1875 protected => 1,
1876 proxyto => 'node',
1877 description => "Suspend virtual machine.",
1878 permissions => {
1879 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1880 },
1881 parameters => {
1882 additionalProperties => 0,
1883 properties => {
1884 node => get_standard_option('pve-node'),
1885 vmid => get_standard_option('pve-vmid'),
1886 skiplock => get_standard_option('skiplock'),
1887 },
1888 },
1889 returns => {
1890 type => 'string',
1891 },
1892 code => sub {
1893 my ($param) = @_;
1894
1895 my $rpcenv = PVE::RPCEnvironment::get();
1896
1897 my $authuser = $rpcenv->get_user();
1898
1899 my $node = extract_param($param, 'node');
1900
1901 my $vmid = extract_param($param, 'vmid');
1902
1903 my $skiplock = extract_param($param, 'skiplock');
1904 raise_param_exc({ skiplock => "Only root may use this option." })
1905 if $skiplock && $authuser ne 'root@pam';
1906
1907 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1908
1909 my $realcmd = sub {
1910 my $upid = shift;
1911
1912 syslog('info', "suspend VM $vmid: $upid\n");
1913
1914 PVE::QemuServer::vm_suspend($vmid, $skiplock);
1915
1916 return;
1917 };
1918
1919 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
1920 }});
1921
1922 __PACKAGE__->register_method({
1923 name => 'vm_resume',
1924 path => '{vmid}/status/resume',
1925 method => 'POST',
1926 protected => 1,
1927 proxyto => 'node',
1928 description => "Resume virtual machine.",
1929 permissions => {
1930 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1931 },
1932 parameters => {
1933 additionalProperties => 0,
1934 properties => {
1935 node => get_standard_option('pve-node'),
1936 vmid => get_standard_option('pve-vmid'),
1937 skiplock => get_standard_option('skiplock'),
1938 },
1939 },
1940 returns => {
1941 type => 'string',
1942 },
1943 code => sub {
1944 my ($param) = @_;
1945
1946 my $rpcenv = PVE::RPCEnvironment::get();
1947
1948 my $authuser = $rpcenv->get_user();
1949
1950 my $node = extract_param($param, 'node');
1951
1952 my $vmid = extract_param($param, 'vmid');
1953
1954 my $skiplock = extract_param($param, 'skiplock');
1955 raise_param_exc({ skiplock => "Only root may use this option." })
1956 if $skiplock && $authuser ne 'root@pam';
1957
1958 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1959
1960 my $realcmd = sub {
1961 my $upid = shift;
1962
1963 syslog('info', "resume VM $vmid: $upid\n");
1964
1965 PVE::QemuServer::vm_resume($vmid, $skiplock);
1966
1967 return;
1968 };
1969
1970 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
1971 }});
1972
1973 __PACKAGE__->register_method({
1974 name => 'vm_sendkey',
1975 path => '{vmid}/sendkey',
1976 method => 'PUT',
1977 protected => 1,
1978 proxyto => 'node',
1979 description => "Send key event to virtual machine.",
1980 permissions => {
1981 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1982 },
1983 parameters => {
1984 additionalProperties => 0,
1985 properties => {
1986 node => get_standard_option('pve-node'),
1987 vmid => get_standard_option('pve-vmid'),
1988 skiplock => get_standard_option('skiplock'),
1989 key => {
1990 description => "The key (qemu monitor encoding).",
1991 type => 'string'
1992 }
1993 },
1994 },
1995 returns => { type => 'null'},
1996 code => sub {
1997 my ($param) = @_;
1998
1999 my $rpcenv = PVE::RPCEnvironment::get();
2000
2001 my $authuser = $rpcenv->get_user();
2002
2003 my $node = extract_param($param, 'node');
2004
2005 my $vmid = extract_param($param, 'vmid');
2006
2007 my $skiplock = extract_param($param, 'skiplock');
2008 raise_param_exc({ skiplock => "Only root may use this option." })
2009 if $skiplock && $authuser ne 'root@pam';
2010
2011 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2012
2013 return;
2014 }});
2015
2016 __PACKAGE__->register_method({
2017 name => 'vm_feature',
2018 path => '{vmid}/feature',
2019 method => 'GET',
2020 proxyto => 'node',
2021 protected => 1,
2022 description => "Check if feature for virtual machine is available.",
2023 permissions => {
2024 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2025 },
2026 parameters => {
2027 additionalProperties => 0,
2028 properties => {
2029 node => get_standard_option('pve-node'),
2030 vmid => get_standard_option('pve-vmid'),
2031 feature => {
2032 description => "Feature to check.",
2033 type => 'string',
2034 enum => [ 'snapshot', 'clone', 'copy' ],
2035 },
2036 snapname => get_standard_option('pve-snapshot-name', {
2037 optional => 1,
2038 }),
2039 },
2040 },
2041 returns => {
2042 type => "object",
2043 properties => {
2044 hasFeature => { type => 'boolean' },
2045 nodes => {
2046 type => 'array',
2047 items => { type => 'string' },
2048 }
2049 },
2050 },
2051 code => sub {
2052 my ($param) = @_;
2053
2054 my $node = extract_param($param, 'node');
2055
2056 my $vmid = extract_param($param, 'vmid');
2057
2058 my $snapname = extract_param($param, 'snapname');
2059
2060 my $feature = extract_param($param, 'feature');
2061
2062 my $running = PVE::QemuServer::check_running($vmid);
2063
2064 my $conf = PVE::QemuServer::load_config($vmid);
2065
2066 if($snapname){
2067 my $snap = $conf->{snapshots}->{$snapname};
2068 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2069 $conf = $snap;
2070 }
2071 my $storecfg = PVE::Storage::config();
2072
2073 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2074 my $hasFeature = PVE::QemuServer::has_feature($feature, $conf, $storecfg, $snapname, $running);
2075
2076 return {
2077 hasFeature => $hasFeature,
2078 nodes => [ keys %$nodelist ],
2079 };
2080 }});
2081
2082 __PACKAGE__->register_method({
2083 name => 'clone_vm',
2084 path => '{vmid}/clone',
2085 method => 'POST',
2086 protected => 1,
2087 proxyto => 'node',
2088 description => "Create a copy of virtual machine/template.",
2089 permissions => {
2090 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2091 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2092 "'Datastore.AllocateSpace' on any used storage.",
2093 check =>
2094 [ 'and',
2095 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2096 [ 'or',
2097 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2098 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2099 ],
2100 ]
2101 },
2102 parameters => {
2103 additionalProperties => 0,
2104 properties => {
2105 node => get_standard_option('pve-node'),
2106 vmid => get_standard_option('pve-vmid'),
2107 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2108 name => {
2109 optional => 1,
2110 type => 'string', format => 'dns-name',
2111 description => "Set a name for the new VM.",
2112 },
2113 description => {
2114 optional => 1,
2115 type => 'string',
2116 description => "Description for the new VM.",
2117 },
2118 pool => {
2119 optional => 1,
2120 type => 'string', format => 'pve-poolid',
2121 description => "Add the new VM to the specified pool.",
2122 },
2123 snapname => get_standard_option('pve-snapshot-name', {
2124 requires => 'full',
2125 optional => 1,
2126 }),
2127 storage => get_standard_option('pve-storage-id', {
2128 description => "Target storage for full clone.",
2129 requires => 'full',
2130 optional => 1,
2131 }),
2132 'format' => {
2133 description => "Target format for file storage.",
2134 requires => 'full',
2135 type => 'string',
2136 optional => 1,
2137 enum => [ 'raw', 'qcow2', 'vmdk'],
2138 },
2139 full => {
2140 optional => 1,
2141 type => 'boolean',
2142 description => "Create a full copy of all disk. This is always done when " .
2143 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2144 default => 0,
2145 },
2146 target => get_standard_option('pve-node', {
2147 description => "Target node. Only allowed if the original VM is on shared storage.",
2148 optional => 1,
2149 }),
2150 },
2151 },
2152 returns => {
2153 type => 'string',
2154 },
2155 code => sub {
2156 my ($param) = @_;
2157
2158 my $rpcenv = PVE::RPCEnvironment::get();
2159
2160 my $authuser = $rpcenv->get_user();
2161
2162 my $node = extract_param($param, 'node');
2163
2164 my $vmid = extract_param($param, 'vmid');
2165
2166 my $newid = extract_param($param, 'newid');
2167
2168 my $pool = extract_param($param, 'pool');
2169
2170 if (defined($pool)) {
2171 $rpcenv->check_pool_exist($pool);
2172 }
2173
2174 my $snapname = extract_param($param, 'snapname');
2175
2176 my $storage = extract_param($param, 'storage');
2177
2178 my $format = extract_param($param, 'format');
2179
2180 my $target = extract_param($param, 'target');
2181
2182 my $localnode = PVE::INotify::nodename();
2183
2184 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2185
2186 PVE::Cluster::check_node_exists($target) if $target;
2187
2188 my $storecfg = PVE::Storage::config();
2189
2190 if ($storage) {
2191 # check if storage is enabled on local node
2192 PVE::Storage::storage_check_enabled($storecfg, $storage);
2193 if ($target) {
2194 # check if storage is available on target node
2195 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2196 # clone only works if target storage is shared
2197 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2198 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2199 }
2200 }
2201
2202 PVE::Cluster::check_cfs_quorum();
2203
2204 my $running = PVE::QemuServer::check_running($vmid) || 0;
2205
2206 # exclusive lock if VM is running - else shared lock is enough;
2207 my $shared_lock = $running ? 0 : 1;
2208
2209 my $clonefn = sub {
2210
2211 # do all tests after lock
2212 # we also try to do all tests before we fork the worker
2213
2214 my $conf = PVE::QemuServer::load_config($vmid);
2215
2216 PVE::QemuServer::check_lock($conf);
2217
2218 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2219
2220 die "unexpected state change\n" if $verify_running != $running;
2221
2222 die "snapshot '$snapname' does not exist\n"
2223 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2224
2225 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2226
2227 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2228
2229 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2230
2231 my $conffile = PVE::QemuServer::config_file($newid);
2232
2233 die "unable to create VM $newid: config file already exists\n"
2234 if -f $conffile;
2235
2236 my $newconf = { lock => 'clone' };
2237 my $drives = {};
2238 my $vollist = [];
2239
2240 foreach my $opt (keys %$oldconf) {
2241 my $value = $oldconf->{$opt};
2242
2243 # do not copy snapshot related info
2244 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2245 $opt eq 'vmstate' || $opt eq 'snapstate';
2246
2247 # always change MAC! address
2248 if ($opt =~ m/^net(\d+)$/) {
2249 my $net = PVE::QemuServer::parse_net($value);
2250 $net->{macaddr} = PVE::Tools::random_ether_addr();
2251 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2252 } elsif (PVE::QemuServer::valid_drivename($opt)) {
2253 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2254 die "unable to parse drive options for '$opt'\n" if !$drive;
2255 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2256 $newconf->{$opt} = $value; # simply copy configuration
2257 } else {
2258 if ($param->{full} || !PVE::Storage::volume_is_base($storecfg, $drive->{file})) {
2259 die "Full clone feature is not available"
2260 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2261 $drive->{full} = 1;
2262 }
2263 $drives->{$opt} = $drive;
2264 push @$vollist, $drive->{file};
2265 }
2266 } else {
2267 # copy everything else
2268 $newconf->{$opt} = $value;
2269 }
2270 }
2271
2272 delete $newconf->{template};
2273
2274 if ($param->{name}) {
2275 $newconf->{name} = $param->{name};
2276 } else {
2277 if ($oldconf->{name}) {
2278 $newconf->{name} = "Copy-of-$oldconf->{name}";
2279 } else {
2280 $newconf->{name} = "Copy-of-VM-$vmid";
2281 }
2282 }
2283
2284 if ($param->{description}) {
2285 $newconf->{description} = $param->{description};
2286 }
2287
2288 # create empty/temp config - this fails if VM already exists on other node
2289 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2290
2291 my $realcmd = sub {
2292 my $upid = shift;
2293
2294 my $newvollist = [];
2295
2296 eval {
2297 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2298
2299 PVE::Storage::activate_volumes($storecfg, $vollist);
2300
2301 foreach my $opt (keys %$drives) {
2302 my $drive = $drives->{$opt};
2303
2304 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2305 $newid, $storage, $format, $drive->{full}, $newvollist);
2306
2307 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2308
2309 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2310 }
2311
2312 delete $newconf->{lock};
2313 PVE::QemuServer::update_config_nolock($newid, $newconf, 1);
2314
2315 if ($target) {
2316 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2317 PVE::Storage::deactivate_volumes($storecfg, $vollist);
2318
2319 my $newconffile = PVE::QemuServer::config_file($newid, $target);
2320 die "Failed to move config to node '$target' - rename failed: $!\n"
2321 if !rename($conffile, $newconffile);
2322 }
2323
2324 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2325 };
2326 if (my $err = $@) {
2327 unlink $conffile;
2328
2329 sleep 1; # some storage like rbd need to wait before release volume - really?
2330
2331 foreach my $volid (@$newvollist) {
2332 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2333 warn $@ if $@;
2334 }
2335 die "clone failed: $err";
2336 }
2337
2338 return;
2339 };
2340
2341 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2342 };
2343
2344 return PVE::QemuServer::lock_config_mode($vmid, 1, $shared_lock, sub {
2345 # Aquire exclusive lock lock for $newid
2346 return PVE::QemuServer::lock_config_full($newid, 1, $clonefn);
2347 });
2348
2349 }});
2350
2351 __PACKAGE__->register_method({
2352 name => 'move_vm_disk',
2353 path => '{vmid}/move_disk',
2354 method => 'POST',
2355 protected => 1,
2356 proxyto => 'node',
2357 description => "Move volume to different storage.",
2358 permissions => {
2359 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2360 "and 'Datastore.AllocateSpace' permissions on the storage.",
2361 check =>
2362 [ 'and',
2363 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2364 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2365 ],
2366 },
2367 parameters => {
2368 additionalProperties => 0,
2369 properties => {
2370 node => get_standard_option('pve-node'),
2371 vmid => get_standard_option('pve-vmid'),
2372 disk => {
2373 type => 'string',
2374 description => "The disk you want to move.",
2375 enum => [ PVE::QemuServer::disknames() ],
2376 },
2377 storage => get_standard_option('pve-storage-id', { description => "Target Storage." }),
2378 'format' => {
2379 type => 'string',
2380 description => "Target Format.",
2381 enum => [ 'raw', 'qcow2', 'vmdk' ],
2382 optional => 1,
2383 },
2384 delete => {
2385 type => 'boolean',
2386 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2387 optional => 1,
2388 default => 0,
2389 },
2390 digest => {
2391 type => 'string',
2392 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2393 maxLength => 40,
2394 optional => 1,
2395 },
2396 },
2397 },
2398 returns => {
2399 type => 'string',
2400 description => "the task ID.",
2401 },
2402 code => sub {
2403 my ($param) = @_;
2404
2405 my $rpcenv = PVE::RPCEnvironment::get();
2406
2407 my $authuser = $rpcenv->get_user();
2408
2409 my $node = extract_param($param, 'node');
2410
2411 my $vmid = extract_param($param, 'vmid');
2412
2413 my $digest = extract_param($param, 'digest');
2414
2415 my $disk = extract_param($param, 'disk');
2416
2417 my $storeid = extract_param($param, 'storage');
2418
2419 my $format = extract_param($param, 'format');
2420
2421 my $storecfg = PVE::Storage::config();
2422
2423 my $updatefn = sub {
2424
2425 my $conf = PVE::QemuServer::load_config($vmid);
2426
2427 die "checksum missmatch (file change by other user?)\n"
2428 if $digest && $digest ne $conf->{digest};
2429
2430 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2431
2432 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2433
2434 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2435
2436 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2437
2438 my $oldfmt;
2439 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2440 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2441 $oldfmt = $1;
2442 }
2443
2444 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2445 (!$format || !$oldfmt || $oldfmt eq $format);
2446
2447 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2448
2449 my $running = PVE::QemuServer::check_running($vmid);
2450
2451 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2452
2453 my $realcmd = sub {
2454
2455 my $newvollist = [];
2456
2457 eval {
2458 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2459
2460 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2461 $vmid, $storeid, $format, 1, $newvollist);
2462
2463 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2464
2465 PVE::QemuServer::add_unused_volume($conf, $old_volid) if !$param->{delete};
2466
2467 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2468
2469 eval {
2470 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2471 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2472 if !$running;
2473 };
2474 warn $@ if $@;
2475 };
2476 if (my $err = $@) {
2477
2478 foreach my $volid (@$newvollist) {
2479 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2480 warn $@ if $@;
2481 }
2482 die "storage migration failed: $err";
2483 }
2484
2485 if ($param->{delete}) {
2486 my $used_paths = PVE::QemuServer::get_used_paths($vmid, $storecfg, $conf, 1, 1);
2487 my $path = PVE::Storage::path($storecfg, $old_volid);
2488 if ($used_paths->{$path}){
2489 warn "volume $old_volid have snapshots. Can't delete it\n";
2490 PVE::QemuServer::add_unused_volume($conf, $old_volid);
2491 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2492 } else {
2493 eval { PVE::Storage::vdisk_free($storecfg, $old_volid); };
2494 warn $@ if $@;
2495 }
2496 }
2497 };
2498
2499 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2500 };
2501
2502 return PVE::QemuServer::lock_config($vmid, $updatefn);
2503 }});
2504
2505 __PACKAGE__->register_method({
2506 name => 'migrate_vm',
2507 path => '{vmid}/migrate',
2508 method => 'POST',
2509 protected => 1,
2510 proxyto => 'node',
2511 description => "Migrate virtual machine. Creates a new migration task.",
2512 permissions => {
2513 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2514 },
2515 parameters => {
2516 additionalProperties => 0,
2517 properties => {
2518 node => get_standard_option('pve-node'),
2519 vmid => get_standard_option('pve-vmid'),
2520 target => get_standard_option('pve-node', { description => "Target node." }),
2521 online => {
2522 type => 'boolean',
2523 description => "Use online/live migration.",
2524 optional => 1,
2525 },
2526 force => {
2527 type => 'boolean',
2528 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2529 optional => 1,
2530 },
2531 },
2532 },
2533 returns => {
2534 type => 'string',
2535 description => "the task ID.",
2536 },
2537 code => sub {
2538 my ($param) = @_;
2539
2540 my $rpcenv = PVE::RPCEnvironment::get();
2541
2542 my $authuser = $rpcenv->get_user();
2543
2544 my $target = extract_param($param, 'target');
2545
2546 my $localnode = PVE::INotify::nodename();
2547 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2548
2549 PVE::Cluster::check_cfs_quorum();
2550
2551 PVE::Cluster::check_node_exists($target);
2552
2553 my $targetip = PVE::Cluster::remote_node_ip($target);
2554
2555 my $vmid = extract_param($param, 'vmid');
2556
2557 raise_param_exc({ force => "Only root may use this option." })
2558 if $param->{force} && $authuser ne 'root@pam';
2559
2560 # test if VM exists
2561 my $conf = PVE::QemuServer::load_config($vmid);
2562
2563 # try to detect errors early
2564
2565 PVE::QemuServer::check_lock($conf);
2566
2567 if (PVE::QemuServer::check_running($vmid)) {
2568 die "cant migrate running VM without --online\n"
2569 if !$param->{online};
2570 }
2571
2572 my $storecfg = PVE::Storage::config();
2573 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2574
2575 if (&$vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2576
2577 my $hacmd = sub {
2578 my $upid = shift;
2579
2580 my $service = "pvevm:$vmid";
2581
2582 my $cmd = ['clusvcadm', '-M', $service, '-m', $target];
2583
2584 print "Executing HA migrate for VM $vmid to node $target\n";
2585
2586 PVE::Tools::run_command($cmd);
2587
2588 return;
2589 };
2590
2591 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2592
2593 } else {
2594
2595 my $realcmd = sub {
2596 my $upid = shift;
2597
2598 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2599 };
2600
2601 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2602 }
2603
2604 }});
2605
2606 __PACKAGE__->register_method({
2607 name => 'monitor',
2608 path => '{vmid}/monitor',
2609 method => 'POST',
2610 protected => 1,
2611 proxyto => 'node',
2612 description => "Execute Qemu monitor commands.",
2613 permissions => {
2614 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2615 },
2616 parameters => {
2617 additionalProperties => 0,
2618 properties => {
2619 node => get_standard_option('pve-node'),
2620 vmid => get_standard_option('pve-vmid'),
2621 command => {
2622 type => 'string',
2623 description => "The monitor command.",
2624 }
2625 },
2626 },
2627 returns => { type => 'string'},
2628 code => sub {
2629 my ($param) = @_;
2630
2631 my $vmid = $param->{vmid};
2632
2633 my $conf = PVE::QemuServer::load_config ($vmid); # check if VM exists
2634
2635 my $res = '';
2636 eval {
2637 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2638 };
2639 $res = "ERROR: $@" if $@;
2640
2641 return $res;
2642 }});
2643
2644 __PACKAGE__->register_method({
2645 name => 'resize_vm',
2646 path => '{vmid}/resize',
2647 method => 'PUT',
2648 protected => 1,
2649 proxyto => 'node',
2650 description => "Extend volume size.",
2651 permissions => {
2652 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2653 },
2654 parameters => {
2655 additionalProperties => 0,
2656 properties => {
2657 node => get_standard_option('pve-node'),
2658 vmid => get_standard_option('pve-vmid'),
2659 skiplock => get_standard_option('skiplock'),
2660 disk => {
2661 type => 'string',
2662 description => "The disk you want to resize.",
2663 enum => [PVE::QemuServer::disknames()],
2664 },
2665 size => {
2666 type => 'string',
2667 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2668 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2669 },
2670 digest => {
2671 type => 'string',
2672 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2673 maxLength => 40,
2674 optional => 1,
2675 },
2676 },
2677 },
2678 returns => { type => 'null'},
2679 code => sub {
2680 my ($param) = @_;
2681
2682 my $rpcenv = PVE::RPCEnvironment::get();
2683
2684 my $authuser = $rpcenv->get_user();
2685
2686 my $node = extract_param($param, 'node');
2687
2688 my $vmid = extract_param($param, 'vmid');
2689
2690 my $digest = extract_param($param, 'digest');
2691
2692 my $disk = extract_param($param, 'disk');
2693
2694 my $sizestr = extract_param($param, 'size');
2695
2696 my $skiplock = extract_param($param, 'skiplock');
2697 raise_param_exc({ skiplock => "Only root may use this option." })
2698 if $skiplock && $authuser ne 'root@pam';
2699
2700 my $storecfg = PVE::Storage::config();
2701
2702 my $updatefn = sub {
2703
2704 my $conf = PVE::QemuServer::load_config($vmid);
2705
2706 die "checksum missmatch (file change by other user?)\n"
2707 if $digest && $digest ne $conf->{digest};
2708 PVE::QemuServer::check_lock($conf) if !$skiplock;
2709
2710 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2711
2712 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2713
2714 my $volid = $drive->{file};
2715
2716 die "disk '$disk' has no associated volume\n" if !$volid;
2717
2718 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2719
2720 die "you can't online resize a virtio windows bootdisk\n"
2721 if PVE::QemuServer::check_running($vmid) && $conf->{bootdisk} eq $disk && $conf->{ostype} =~ m/^w/ && $disk =~ m/^virtio/;
2722
2723 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2724
2725 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2726
2727 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2728
2729 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2730 my ($ext, $newsize, $unit) = ($1, $2, $4);
2731 if ($unit) {
2732 if ($unit eq 'K') {
2733 $newsize = $newsize * 1024;
2734 } elsif ($unit eq 'M') {
2735 $newsize = $newsize * 1024 * 1024;
2736 } elsif ($unit eq 'G') {
2737 $newsize = $newsize * 1024 * 1024 * 1024;
2738 } elsif ($unit eq 'T') {
2739 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2740 }
2741 }
2742 $newsize += $size if $ext;
2743 $newsize = int($newsize);
2744
2745 die "unable to skrink disk size\n" if $newsize < $size;
2746
2747 return if $size == $newsize;
2748
2749 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2750
2751 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2752
2753 $drive->{size} = $newsize;
2754 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2755
2756 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2757 };
2758
2759 PVE::QemuServer::lock_config($vmid, $updatefn);
2760 return undef;
2761 }});
2762
2763 __PACKAGE__->register_method({
2764 name => 'snapshot_list',
2765 path => '{vmid}/snapshot',
2766 method => 'GET',
2767 description => "List all snapshots.",
2768 permissions => {
2769 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2770 },
2771 proxyto => 'node',
2772 protected => 1, # qemu pid files are only readable by root
2773 parameters => {
2774 additionalProperties => 0,
2775 properties => {
2776 vmid => get_standard_option('pve-vmid'),
2777 node => get_standard_option('pve-node'),
2778 },
2779 },
2780 returns => {
2781 type => 'array',
2782 items => {
2783 type => "object",
2784 properties => {},
2785 },
2786 links => [ { rel => 'child', href => "{name}" } ],
2787 },
2788 code => sub {
2789 my ($param) = @_;
2790
2791 my $vmid = $param->{vmid};
2792
2793 my $conf = PVE::QemuServer::load_config($vmid);
2794 my $snaphash = $conf->{snapshots} || {};
2795
2796 my $res = [];
2797
2798 foreach my $name (keys %$snaphash) {
2799 my $d = $snaphash->{$name};
2800 my $item = {
2801 name => $name,
2802 snaptime => $d->{snaptime} || 0,
2803 vmstate => $d->{vmstate} ? 1 : 0,
2804 description => $d->{description} || '',
2805 };
2806 $item->{parent} = $d->{parent} if $d->{parent};
2807 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2808 push @$res, $item;
2809 }
2810
2811 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
2812 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
2813 $current->{parent} = $conf->{parent} if $conf->{parent};
2814
2815 push @$res, $current;
2816
2817 return $res;
2818 }});
2819
2820 __PACKAGE__->register_method({
2821 name => 'snapshot',
2822 path => '{vmid}/snapshot',
2823 method => 'POST',
2824 protected => 1,
2825 proxyto => 'node',
2826 description => "Snapshot a VM.",
2827 permissions => {
2828 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2829 },
2830 parameters => {
2831 additionalProperties => 0,
2832 properties => {
2833 node => get_standard_option('pve-node'),
2834 vmid => get_standard_option('pve-vmid'),
2835 snapname => get_standard_option('pve-snapshot-name'),
2836 vmstate => {
2837 optional => 1,
2838 type => 'boolean',
2839 description => "Save the vmstate",
2840 },
2841 freezefs => {
2842 optional => 1,
2843 type => 'boolean',
2844 description => "Freeze the filesystem",
2845 },
2846 description => {
2847 optional => 1,
2848 type => 'string',
2849 description => "A textual description or comment.",
2850 },
2851 },
2852 },
2853 returns => {
2854 type => 'string',
2855 description => "the task ID.",
2856 },
2857 code => sub {
2858 my ($param) = @_;
2859
2860 my $rpcenv = PVE::RPCEnvironment::get();
2861
2862 my $authuser = $rpcenv->get_user();
2863
2864 my $node = extract_param($param, 'node');
2865
2866 my $vmid = extract_param($param, 'vmid');
2867
2868 my $snapname = extract_param($param, 'snapname');
2869
2870 die "unable to use snapshot name 'current' (reserved name)\n"
2871 if $snapname eq 'current';
2872
2873 my $realcmd = sub {
2874 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
2875 PVE::QemuServer::snapshot_create($vmid, $snapname, $param->{vmstate},
2876 $param->{freezefs}, $param->{description});
2877 };
2878
2879 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
2880 }});
2881
2882 __PACKAGE__->register_method({
2883 name => 'snapshot_cmd_idx',
2884 path => '{vmid}/snapshot/{snapname}',
2885 description => '',
2886 method => 'GET',
2887 permissions => {
2888 user => 'all',
2889 },
2890 parameters => {
2891 additionalProperties => 0,
2892 properties => {
2893 vmid => get_standard_option('pve-vmid'),
2894 node => get_standard_option('pve-node'),
2895 snapname => get_standard_option('pve-snapshot-name'),
2896 },
2897 },
2898 returns => {
2899 type => 'array',
2900 items => {
2901 type => "object",
2902 properties => {},
2903 },
2904 links => [ { rel => 'child', href => "{cmd}" } ],
2905 },
2906 code => sub {
2907 my ($param) = @_;
2908
2909 my $res = [];
2910
2911 push @$res, { cmd => 'rollback' };
2912 push @$res, { cmd => 'config' };
2913
2914 return $res;
2915 }});
2916
2917 __PACKAGE__->register_method({
2918 name => 'update_snapshot_config',
2919 path => '{vmid}/snapshot/{snapname}/config',
2920 method => 'PUT',
2921 protected => 1,
2922 proxyto => 'node',
2923 description => "Update snapshot metadata.",
2924 permissions => {
2925 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2926 },
2927 parameters => {
2928 additionalProperties => 0,
2929 properties => {
2930 node => get_standard_option('pve-node'),
2931 vmid => get_standard_option('pve-vmid'),
2932 snapname => get_standard_option('pve-snapshot-name'),
2933 description => {
2934 optional => 1,
2935 type => 'string',
2936 description => "A textual description or comment.",
2937 },
2938 },
2939 },
2940 returns => { type => 'null' },
2941 code => sub {
2942 my ($param) = @_;
2943
2944 my $rpcenv = PVE::RPCEnvironment::get();
2945
2946 my $authuser = $rpcenv->get_user();
2947
2948 my $vmid = extract_param($param, 'vmid');
2949
2950 my $snapname = extract_param($param, 'snapname');
2951
2952 return undef if !defined($param->{description});
2953
2954 my $updatefn = sub {
2955
2956 my $conf = PVE::QemuServer::load_config($vmid);
2957
2958 PVE::QemuServer::check_lock($conf);
2959
2960 my $snap = $conf->{snapshots}->{$snapname};
2961
2962 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2963
2964 $snap->{description} = $param->{description} if defined($param->{description});
2965
2966 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
2967 };
2968
2969 PVE::QemuServer::lock_config($vmid, $updatefn);
2970
2971 return undef;
2972 }});
2973
2974 __PACKAGE__->register_method({
2975 name => 'get_snapshot_config',
2976 path => '{vmid}/snapshot/{snapname}/config',
2977 method => 'GET',
2978 proxyto => 'node',
2979 description => "Get snapshot configuration",
2980 permissions => {
2981 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
2982 },
2983 parameters => {
2984 additionalProperties => 0,
2985 properties => {
2986 node => get_standard_option('pve-node'),
2987 vmid => get_standard_option('pve-vmid'),
2988 snapname => get_standard_option('pve-snapshot-name'),
2989 },
2990 },
2991 returns => { type => "object" },
2992 code => sub {
2993 my ($param) = @_;
2994
2995 my $rpcenv = PVE::RPCEnvironment::get();
2996
2997 my $authuser = $rpcenv->get_user();
2998
2999 my $vmid = extract_param($param, 'vmid');
3000
3001 my $snapname = extract_param($param, 'snapname');
3002
3003 my $conf = PVE::QemuServer::load_config($vmid);
3004
3005 my $snap = $conf->{snapshots}->{$snapname};
3006
3007 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3008
3009 return $snap;
3010 }});
3011
3012 __PACKAGE__->register_method({
3013 name => 'rollback',
3014 path => '{vmid}/snapshot/{snapname}/rollback',
3015 method => 'POST',
3016 protected => 1,
3017 proxyto => 'node',
3018 description => "Rollback VM state to specified snapshot.",
3019 permissions => {
3020 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3021 },
3022 parameters => {
3023 additionalProperties => 0,
3024 properties => {
3025 node => get_standard_option('pve-node'),
3026 vmid => get_standard_option('pve-vmid'),
3027 snapname => get_standard_option('pve-snapshot-name'),
3028 },
3029 },
3030 returns => {
3031 type => 'string',
3032 description => "the task ID.",
3033 },
3034 code => sub {
3035 my ($param) = @_;
3036
3037 my $rpcenv = PVE::RPCEnvironment::get();
3038
3039 my $authuser = $rpcenv->get_user();
3040
3041 my $node = extract_param($param, 'node');
3042
3043 my $vmid = extract_param($param, 'vmid');
3044
3045 my $snapname = extract_param($param, 'snapname');
3046
3047 my $realcmd = sub {
3048 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3049 PVE::QemuServer::snapshot_rollback($vmid, $snapname);
3050 };
3051
3052 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3053 }});
3054
3055 __PACKAGE__->register_method({
3056 name => 'delsnapshot',
3057 path => '{vmid}/snapshot/{snapname}',
3058 method => 'DELETE',
3059 protected => 1,
3060 proxyto => 'node',
3061 description => "Delete a VM snapshot.",
3062 permissions => {
3063 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3064 },
3065 parameters => {
3066 additionalProperties => 0,
3067 properties => {
3068 node => get_standard_option('pve-node'),
3069 vmid => get_standard_option('pve-vmid'),
3070 snapname => get_standard_option('pve-snapshot-name'),
3071 force => {
3072 optional => 1,
3073 type => 'boolean',
3074 description => "For removal from config file, even if removing disk snapshots fails.",
3075 },
3076 },
3077 },
3078 returns => {
3079 type => 'string',
3080 description => "the task ID.",
3081 },
3082 code => sub {
3083 my ($param) = @_;
3084
3085 my $rpcenv = PVE::RPCEnvironment::get();
3086
3087 my $authuser = $rpcenv->get_user();
3088
3089 my $node = extract_param($param, 'node');
3090
3091 my $vmid = extract_param($param, 'vmid');
3092
3093 my $snapname = extract_param($param, 'snapname');
3094
3095 my $realcmd = sub {
3096 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3097 PVE::QemuServer::snapshot_delete($vmid, $snapname, $param->{force});
3098 };
3099
3100 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3101 }});
3102
3103 __PACKAGE__->register_method({
3104 name => 'template',
3105 path => '{vmid}/template',
3106 method => 'POST',
3107 protected => 1,
3108 proxyto => 'node',
3109 description => "Create a Template.",
3110 permissions => {
3111 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3112 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3113 },
3114 parameters => {
3115 additionalProperties => 0,
3116 properties => {
3117 node => get_standard_option('pve-node'),
3118 vmid => get_standard_option('pve-vmid'),
3119 disk => {
3120 optional => 1,
3121 type => 'string',
3122 description => "If you want to convert only 1 disk to base image.",
3123 enum => [PVE::QemuServer::disknames()],
3124 },
3125
3126 },
3127 },
3128 returns => { type => 'null'},
3129 code => sub {
3130 my ($param) = @_;
3131
3132 my $rpcenv = PVE::RPCEnvironment::get();
3133
3134 my $authuser = $rpcenv->get_user();
3135
3136 my $node = extract_param($param, 'node');
3137
3138 my $vmid = extract_param($param, 'vmid');
3139
3140 my $disk = extract_param($param, 'disk');
3141
3142 my $updatefn = sub {
3143
3144 my $conf = PVE::QemuServer::load_config($vmid);
3145
3146 PVE::QemuServer::check_lock($conf);
3147
3148 die "unable to create template, because VM contains snapshots\n"
3149 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3150
3151 die "you can't convert a template to a template\n"
3152 if PVE::QemuServer::is_template($conf) && !$disk;
3153
3154 die "you can't convert a VM to template if VM is running\n"
3155 if PVE::QemuServer::check_running($vmid);
3156
3157 my $realcmd = sub {
3158 PVE::QemuServer::template_create($vmid, $conf, $disk);
3159 };
3160
3161 $conf->{template} = 1;
3162 PVE::QemuServer::update_config_nolock($vmid, $conf, 1);
3163
3164 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3165 };
3166
3167 PVE::QemuServer::lock_config($vmid, $updatefn);
3168 return undef;
3169 }});
3170
3171 1;
Virtual Machine Manager