]> git.proxmox.com Git - qemu-server.git/blob - PVE/API2/Qemu.pm
projects / qemu-server.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vm_shutdown: request 'stopped' state for HA enabled VMs
[qemu-server.git] / PVE / API2 / Qemu.pm
1 package PVE::API2::Qemu;
2
3 use strict;
4 use warnings;
5 use Cwd 'abs_path';
6 use Net::SSLeay;
7 use UUID;
8
9 use PVE::Cluster qw (cfs_read_file cfs_write_file);;
10 use PVE::SafeSyslog;
11 use PVE::Tools qw(extract_param);
12 use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
13 use PVE::Storage;
14 use PVE::JSONSchema qw(get_standard_option);
15 use PVE::RESTHandler;
16 use PVE::QemuConfig;
17 use PVE::QemuServer;
18 use PVE::QemuMigrate;
19 use PVE::RPCEnvironment;
20 use PVE::AccessControl;
21 use PVE::INotify;
22 use PVE::Network;
23 use PVE::Firewall;
24 use PVE::API2::Firewall::VM;
25 use PVE::HA::Env::PVE2;
26 use PVE::HA::Config;
27
28 use Data::Dumper; # fixme: remove
29
30 use base qw(PVE::RESTHandler);
31
32 my $opt_force_description = "Force physical removal. Without this, we simple remove the disk from the config file and create an additional configuration entry called 'unused[n]', which contains the volume ID. Unlink of unused[n] always cause physical removal.";
33
34 my $resolve_cdrom_alias = sub {
35 my $param = shift;
36
37 if (my $value = $param->{cdrom}) {
38 $value .= ",media=cdrom" if $value !~ m/media=/;
39 $param->{ide2} = $value;
40 delete $param->{cdrom};
41 }
42 };
43
44 my $check_storage_access = sub {
45 my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
46
47 PVE::QemuServer::foreach_drive($settings, sub {
48 my ($ds, $drive) = @_;
49
50 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
51
52 my $volid = $drive->{file};
53
54 if (!$volid || $volid eq 'none') {
55 # nothing to check
56 } elsif ($isCDROM && ($volid eq 'cdrom')) {
57 $rpcenv->check($authuser, "/", ['Sys.Console']);
58 } elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
59 my ($storeid, $size) = ($2 || $default_storage, $3);
60 die "no storage ID specified (and no default storage)\n" if !$storeid;
61 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
62 } else {
63 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
64 }
65 });
66 };
67
68 my $check_storage_access_clone = sub {
69 my ($rpcenv, $authuser, $storecfg, $conf, $storage) = @_;
70
71 my $sharedvm = 1;
72
73 PVE::QemuServer::foreach_drive($conf, sub {
74 my ($ds, $drive) = @_;
75
76 my $isCDROM = PVE::QemuServer::drive_is_cdrom($drive);
77
78 my $volid = $drive->{file};
79
80 return if !$volid || $volid eq 'none';
81
82 if ($isCDROM) {
83 if ($volid eq 'cdrom') {
84 $rpcenv->check($authuser, "/", ['Sys.Console']);
85 } else {
86 # we simply allow access
87 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
88 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
89 $sharedvm = 0 if !$scfg->{shared};
90
91 }
92 } else {
93 my ($sid, $volname) = PVE::Storage::parse_volume_id($volid);
94 my $scfg = PVE::Storage::storage_config($storecfg, $sid);
95 $sharedvm = 0 if !$scfg->{shared};
96
97 $sid = $storage if $storage;
98 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
99 }
100 });
101
102 return $sharedvm;
103 };
104
105 # Note: $pool is only needed when creating a VM, because pool permissions
106 # are automatically inherited if VM already exists inside a pool.
107 my $create_disks = sub {
108 my ($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
109
110 my $vollist = [];
111
112 my $res = {};
113 PVE::QemuServer::foreach_drive($settings, sub {
114 my ($ds, $disk) = @_;
115
116 my $volid = $disk->{file};
117
118 if (!$volid || $volid eq 'none' || $volid eq 'cdrom') {
119 delete $disk->{size};
120 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
121 } elsif ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/) {
122 my ($storeid, $size) = ($2 || $default_storage, $3);
123 die "no storage ID specified (and no default storage)\n" if !$storeid;
124 my $defformat = PVE::Storage::storage_default_format($storecfg, $storeid);
125 my $fmt = $disk->{format} || $defformat;
126
127 my $volid;
128 if ($ds eq 'efidisk0') {
129 # handle efidisk
130 my $ovmfvars = '/usr/share/kvm/OVMF_VARS-pure-efi.fd';
131 die "uefi vars image not found\n" if ! -f $ovmfvars;
132 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
133 $fmt, undef, 128);
134 $disk->{file} = $volid;
135 $disk->{size} = 128*1024;
136 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
137 my $scfg = PVE::Storage::storage_config($storecfg, $storeid);
138 my $qemufmt = PVE::QemuServer::qemu_img_format($scfg, $volname);
139 my $path = PVE::Storage::path($storecfg, $volid);
140 my $efidiskcmd = ['/usr/bin/qemu-img', 'convert', '-n', '-f', 'raw', '-O', $qemufmt];
141 push @$efidiskcmd, $ovmfvars;
142 push @$efidiskcmd, $path;
143
144 PVE::Storage::activate_volumes($storecfg, [$volid]);
145
146 eval { PVE::Tools::run_command($efidiskcmd); };
147 my $err = $@;
148 die "Copying of EFI Vars image failed: $err" if $err;
149 } else {
150 $volid = PVE::Storage::vdisk_alloc($storecfg, $storeid, $vmid,
151 $fmt, undef, $size*1024*1024);
152 $disk->{file} = $volid;
153 $disk->{size} = $size*1024*1024*1024;
154 }
155 push @$vollist, $volid;
156 delete $disk->{format}; # no longer needed
157 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
158 } else {
159
160 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $volid);
161
162 my $volid_is_new = 1;
163
164 if ($conf->{$ds}) {
165 my $olddrive = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
166 $volid_is_new = undef if $olddrive->{file} && $olddrive->{file} eq $volid;
167 }
168
169 if ($volid_is_new) {
170
171 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
172
173 PVE::Storage::activate_volumes($storecfg, [ $volid ]) if $storeid;
174
175 my $size = PVE::Storage::volume_size_info($storecfg, $volid);
176
177 die "volume $volid does not exists\n" if !$size;
178
179 $disk->{size} = $size;
180 }
181
182 $res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
183 }
184 });
185
186 # free allocated images on error
187 if (my $err = $@) {
188 syslog('err', "VM $vmid creating disks failed");
189 foreach my $volid (@$vollist) {
190 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
191 warn $@ if $@;
192 }
193 die $err;
194 }
195
196 # modify vm config if everything went well
197 foreach my $ds (keys %$res) {
198 $conf->{$ds} = $res->{$ds};
199 }
200
201 return $vollist;
202 };
203
204 my $cpuoptions = {
205 'cores' => 1,
206 'cpu' => 1,
207 'cpulimit' => 1,
208 'cpuunits' => 1,
209 'numa' => 1,
210 'smp' => 1,
211 'sockets' => 1,
212 'vcpus' => 1,
213 };
214
215 my $memoryoptions = {
216 'memory' => 1,
217 'balloon' => 1,
218 'shares' => 1,
219 };
220
221 my $hwtypeoptions = {
222 'acpi' => 1,
223 'hotplug' => 1,
224 'kvm' => 1,
225 'machine' => 1,
226 'scsihw' => 1,
227 'smbios1' => 1,
228 'tablet' => 1,
229 'vga' => 1,
230 'watchdog' => 1,
231 };
232
233 my $generaloptions = {
234 'agent' => 1,
235 'autostart' => 1,
236 'bios' => 1,
237 'description' => 1,
238 'keyboard' => 1,
239 'localtime' => 1,
240 'migrate_downtime' => 1,
241 'migrate_speed' => 1,
242 'name' => 1,
243 'onboot' => 1,
244 'ostype' => 1,
245 'protection' => 1,
246 'reboot' => 1,
247 'startdate' => 1,
248 'startup' => 1,
249 'tdf' => 1,
250 'template' => 1,
251 };
252
253 my $vmpoweroptions = {
254 'freeze' => 1,
255 };
256
257 my $diskoptions = {
258 'boot' => 1,
259 'bootdisk' => 1,
260 };
261
262 my $check_vm_modify_config_perm = sub {
263 my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
264
265 return 1 if $authuser eq 'root@pam';
266
267 foreach my $opt (@$key_list) {
268 # disk checks need to be done somewhere else
269 next if PVE::QemuServer::is_valid_drivename($opt);
270 next if $opt eq 'cdrom';
271 next if $opt =~ m/^unused\d+$/;
272
273 if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
274 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
275 } elsif ($memoryoptions->{$opt}) {
276 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
277 } elsif ($hwtypeoptions->{$opt}) {
278 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
279 } elsif ($generaloptions->{$opt}) {
280 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
281 # special case for startup since it changes host behaviour
282 if ($opt eq 'startup') {
283 $rpcenv->check_full($authuser, "/", ['Sys.Modify']);
284 }
285 } elsif ($vmpoweroptions->{$opt}) {
286 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.PowerMgmt']);
287 } elsif ($diskoptions->{$opt}) {
288 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
289 } elsif ($opt =~ m/^net\d+$/) {
290 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
291 } else {
292 # catches usb\d+, hostpci\d+, args, lock, etc.
293 # new options will be checked here
294 die "only root can set '$opt' config\n";
295 }
296 }
297
298 return 1;
299 };
300
301 __PACKAGE__->register_method({
302 name => 'vmlist',
303 path => '',
304 method => 'GET',
305 description => "Virtual machine index (per node).",
306 permissions => {
307 description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
308 user => 'all',
309 },
310 proxyto => 'node',
311 protected => 1, # qemu pid files are only readable by root
312 parameters => {
313 additionalProperties => 0,
314 properties => {
315 node => get_standard_option('pve-node'),
316 full => {
317 type => 'boolean',
318 optional => 1,
319 description => "Determine the full status of active VMs.",
320 },
321 },
322 },
323 returns => {
324 type => 'array',
325 items => {
326 type => "object",
327 properties => {},
328 },
329 links => [ { rel => 'child', href => "{vmid}" } ],
330 },
331 code => sub {
332 my ($param) = @_;
333
334 my $rpcenv = PVE::RPCEnvironment::get();
335 my $authuser = $rpcenv->get_user();
336
337 my $vmstatus = PVE::QemuServer::vmstatus(undef, $param->{full});
338
339 my $res = [];
340 foreach my $vmid (keys %$vmstatus) {
341 next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
342
343 my $data = $vmstatus->{$vmid};
344 $data->{vmid} = int($vmid);
345 push @$res, $data;
346 }
347
348 return $res;
349 }});
350
351
352
353 __PACKAGE__->register_method({
354 name => 'create_vm',
355 path => '',
356 method => 'POST',
357 description => "Create or restore a virtual machine.",
358 permissions => {
359 description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
360 "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
361 "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
362 user => 'all', # check inside
363 },
364 protected => 1,
365 proxyto => 'node',
366 parameters => {
367 additionalProperties => 0,
368 properties => PVE::QemuServer::json_config_properties(
369 {
370 node => get_standard_option('pve-node'),
371 vmid => get_standard_option('pve-vmid', { completion => \&PVE::Cluster::complete_next_vmid }),
372 archive => {
373 description => "The backup file.",
374 type => 'string',
375 optional => 1,
376 maxLength => 255,
377 completion => \&PVE::QemuServer::complete_backup_archives,
378 },
379 storage => get_standard_option('pve-storage-id', {
380 description => "Default storage.",
381 optional => 1,
382 completion => \&PVE::QemuServer::complete_storage,
383 }),
384 force => {
385 optional => 1,
386 type => 'boolean',
387 description => "Allow to overwrite existing VM.",
388 requires => 'archive',
389 },
390 unique => {
391 optional => 1,
392 type => 'boolean',
393 description => "Assign a unique random ethernet address.",
394 requires => 'archive',
395 },
396 pool => {
397 optional => 1,
398 type => 'string', format => 'pve-poolid',
399 description => "Add the VM to the specified pool.",
400 },
401 }),
402 },
403 returns => {
404 type => 'string',
405 },
406 code => sub {
407 my ($param) = @_;
408
409 my $rpcenv = PVE::RPCEnvironment::get();
410
411 my $authuser = $rpcenv->get_user();
412
413 my $node = extract_param($param, 'node');
414
415 my $vmid = extract_param($param, 'vmid');
416
417 my $archive = extract_param($param, 'archive');
418
419 my $storage = extract_param($param, 'storage');
420
421 my $force = extract_param($param, 'force');
422
423 my $unique = extract_param($param, 'unique');
424
425 my $pool = extract_param($param, 'pool');
426
427 my $filename = PVE::QemuConfig->config_file($vmid);
428
429 my $storecfg = PVE::Storage::config();
430
431 PVE::Cluster::check_cfs_quorum();
432
433 if (defined($pool)) {
434 $rpcenv->check_pool_exist($pool);
435 }
436
437 $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
438 if defined($storage);
439
440 if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
441 # OK
442 } elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
443 # OK
444 } elsif ($archive && $force && (-f $filename) &&
445 $rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
446 # OK: user has VM.Backup permissions, and want to restore an existing VM
447 } else {
448 raise_perm_exc();
449 }
450
451 if (!$archive) {
452 &$resolve_cdrom_alias($param);
453
454 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
455
456 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
457
458 foreach my $opt (keys %$param) {
459 if (PVE::QemuServer::is_valid_drivename($opt)) {
460 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
461 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
462
463 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
464 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
465 }
466 }
467
468 PVE::QemuServer::add_random_macs($param);
469 } else {
470 my $keystr = join(' ', keys %$param);
471 raise_param_exc({ archive => "option conflicts with other options ($keystr)"}) if $keystr;
472
473 if ($archive eq '-') {
474 die "pipe requires cli environment\n"
475 if $rpcenv->{type} ne 'cli';
476 } else {
477 $rpcenv->check_volume_access($authuser, $storecfg, $vmid, $archive);
478 $archive = PVE::Storage::abs_filesystem_path($storecfg, $archive);
479 }
480 }
481
482 my $restorefn = sub {
483 my $vmlist = PVE::Cluster::get_vmlist();
484 if ($vmlist->{ids}->{$vmid}) {
485 my $current_node = $vmlist->{ids}->{$vmid}->{node};
486 if ($current_node eq $node) {
487 my $conf = PVE::QemuConfig->load_config($vmid);
488
489 PVE::QemuConfig->check_protection($conf, "unable to restore VM $vmid");
490
491 die "unable to restore vm $vmid - config file already exists\n"
492 if !$force;
493
494 die "unable to restore vm $vmid - vm is running\n"
495 if PVE::QemuServer::check_running($vmid);
496
497 die "unable to restore vm $vmid - vm is a template\n"
498 if PVE::QemuConfig->is_template($conf);
499
500 } else {
501 die "unable to restore vm $vmid - already existing on cluster node '$current_node'\n";
502 }
503 }
504
505 my $realcmd = sub {
506 PVE::QemuServer::restore_archive($archive, $vmid, $authuser, {
507 storage => $storage,
508 pool => $pool,
509 unique => $unique });
510
511 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
512 };
513
514 return $rpcenv->fork_worker('qmrestore', $vmid, $authuser, $realcmd);
515 };
516
517 my $createfn = sub {
518
519 # test after locking
520 PVE::Cluster::check_vmid_unused($vmid);
521
522 my $realcmd = sub {
523
524 my $vollist = [];
525
526 my $conf = $param;
527
528 eval {
529
530 $vollist = &$create_disks($rpcenv, $authuser, $conf, $storecfg, $vmid, $pool, $param, $storage);
531
532 # try to be smart about bootdisk
533 my @disks = PVE::QemuServer::valid_drive_names();
534 my $firstdisk;
535 foreach my $ds (reverse @disks) {
536 next if !$conf->{$ds};
537 my $disk = PVE::QemuServer::parse_drive($ds, $conf->{$ds});
538 next if PVE::QemuServer::drive_is_cdrom($disk);
539 $firstdisk = $ds;
540 }
541
542 if (!$conf->{bootdisk} && $firstdisk) {
543 $conf->{bootdisk} = $firstdisk;
544 }
545
546 # auto generate uuid if user did not specify smbios1 option
547 if (!$conf->{smbios1}) {
548 my ($uuid, $uuid_str);
549 UUID::generate($uuid);
550 UUID::unparse($uuid, $uuid_str);
551 $conf->{smbios1} = "uuid=$uuid_str";
552 }
553
554 PVE::QemuConfig->write_config($vmid, $conf);
555
556 };
557 my $err = $@;
558
559 if ($err) {
560 foreach my $volid (@$vollist) {
561 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
562 warn $@ if $@;
563 }
564 die "create failed - $err";
565 }
566
567 PVE::AccessControl::add_vm_to_pool($vmid, $pool) if $pool;
568 };
569
570 return $rpcenv->fork_worker('qmcreate', $vmid, $authuser, $realcmd);
571 };
572
573 return PVE::QemuConfig->lock_config_full($vmid, 1, $archive ? $restorefn : $createfn);
574 }});
575
576 __PACKAGE__->register_method({
577 name => 'vmdiridx',
578 path => '{vmid}',
579 method => 'GET',
580 proxyto => 'node',
581 description => "Directory index",
582 permissions => {
583 user => 'all',
584 },
585 parameters => {
586 additionalProperties => 0,
587 properties => {
588 node => get_standard_option('pve-node'),
589 vmid => get_standard_option('pve-vmid'),
590 },
591 },
592 returns => {
593 type => 'array',
594 items => {
595 type => "object",
596 properties => {
597 subdir => { type => 'string' },
598 },
599 },
600 links => [ { rel => 'child', href => "{subdir}" } ],
601 },
602 code => sub {
603 my ($param) = @_;
604
605 my $res = [
606 { subdir => 'config' },
607 { subdir => 'pending' },
608 { subdir => 'status' },
609 { subdir => 'unlink' },
610 { subdir => 'vncproxy' },
611 { subdir => 'migrate' },
612 { subdir => 'resize' },
613 { subdir => 'move' },
614 { subdir => 'rrd' },
615 { subdir => 'rrddata' },
616 { subdir => 'monitor' },
617 { subdir => 'snapshot' },
618 { subdir => 'spiceproxy' },
619 { subdir => 'sendkey' },
620 { subdir => 'firewall' },
621 ];
622
623 return $res;
624 }});
625
626 __PACKAGE__->register_method ({
627 subclass => "PVE::API2::Firewall::VM",
628 path => '{vmid}/firewall',
629 });
630
631 __PACKAGE__->register_method({
632 name => 'rrd',
633 path => '{vmid}/rrd',
634 method => 'GET',
635 protected => 1, # fixme: can we avoid that?
636 permissions => {
637 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
638 },
639 description => "Read VM RRD statistics (returns PNG)",
640 parameters => {
641 additionalProperties => 0,
642 properties => {
643 node => get_standard_option('pve-node'),
644 vmid => get_standard_option('pve-vmid'),
645 timeframe => {
646 description => "Specify the time frame you are interested in.",
647 type => 'string',
648 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
649 },
650 ds => {
651 description => "The list of datasources you want to display.",
652 type => 'string', format => 'pve-configid-list',
653 },
654 cf => {
655 description => "The RRD consolidation function",
656 type => 'string',
657 enum => [ 'AVERAGE', 'MAX' ],
658 optional => 1,
659 },
660 },
661 },
662 returns => {
663 type => "object",
664 properties => {
665 filename => { type => 'string' },
666 },
667 },
668 code => sub {
669 my ($param) = @_;
670
671 return PVE::Cluster::create_rrd_graph(
672 "pve2-vm/$param->{vmid}", $param->{timeframe},
673 $param->{ds}, $param->{cf});
674
675 }});
676
677 __PACKAGE__->register_method({
678 name => 'rrddata',
679 path => '{vmid}/rrddata',
680 method => 'GET',
681 protected => 1, # fixme: can we avoid that?
682 permissions => {
683 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
684 },
685 description => "Read VM RRD statistics",
686 parameters => {
687 additionalProperties => 0,
688 properties => {
689 node => get_standard_option('pve-node'),
690 vmid => get_standard_option('pve-vmid'),
691 timeframe => {
692 description => "Specify the time frame you are interested in.",
693 type => 'string',
694 enum => [ 'hour', 'day', 'week', 'month', 'year' ],
695 },
696 cf => {
697 description => "The RRD consolidation function",
698 type => 'string',
699 enum => [ 'AVERAGE', 'MAX' ],
700 optional => 1,
701 },
702 },
703 },
704 returns => {
705 type => "array",
706 items => {
707 type => "object",
708 properties => {},
709 },
710 },
711 code => sub {
712 my ($param) = @_;
713
714 return PVE::Cluster::create_rrd_data(
715 "pve2-vm/$param->{vmid}", $param->{timeframe}, $param->{cf});
716 }});
717
718
719 __PACKAGE__->register_method({
720 name => 'vm_config',
721 path => '{vmid}/config',
722 method => 'GET',
723 proxyto => 'node',
724 description => "Get current virtual machine configuration. This does not include pending configuration changes (see 'pending' API).",
725 permissions => {
726 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
727 },
728 parameters => {
729 additionalProperties => 0,
730 properties => {
731 node => get_standard_option('pve-node'),
732 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
733 current => {
734 description => "Get current values (instead of pending values).",
735 optional => 1,
736 default => 0,
737 type => 'boolean',
738 },
739 },
740 },
741 returns => {
742 type => "object",
743 properties => {
744 digest => {
745 type => 'string',
746 description => 'SHA1 digest of configuration file. This can be used to prevent concurrent modifications.',
747 }
748 },
749 },
750 code => sub {
751 my ($param) = @_;
752
753 my $conf = PVE::QemuConfig->load_config($param->{vmid});
754
755 delete $conf->{snapshots};
756
757 if (!$param->{current}) {
758 foreach my $opt (keys %{$conf->{pending}}) {
759 next if $opt eq 'delete';
760 my $value = $conf->{pending}->{$opt};
761 next if ref($value); # just to be sure
762 $conf->{$opt} = $value;
763 }
764 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
765 foreach my $opt (keys %$pending_delete_hash) {
766 delete $conf->{$opt} if $conf->{$opt};
767 }
768 }
769
770 delete $conf->{pending};
771
772 return $conf;
773 }});
774
775 __PACKAGE__->register_method({
776 name => 'vm_pending',
777 path => '{vmid}/pending',
778 method => 'GET',
779 proxyto => 'node',
780 description => "Get virtual machine configuration, including pending changes.",
781 permissions => {
782 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
783 },
784 parameters => {
785 additionalProperties => 0,
786 properties => {
787 node => get_standard_option('pve-node'),
788 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
789 },
790 },
791 returns => {
792 type => "array",
793 items => {
794 type => "object",
795 properties => {
796 key => {
797 description => "Configuration option name.",
798 type => 'string',
799 },
800 value => {
801 description => "Current value.",
802 type => 'string',
803 optional => 1,
804 },
805 pending => {
806 description => "Pending value.",
807 type => 'string',
808 optional => 1,
809 },
810 delete => {
811 description => "Indicates a pending delete request if present and not 0. " .
812 "The value 2 indicates a force-delete request.",
813 type => 'integer',
814 minimum => 0,
815 maximum => 2,
816 optional => 1,
817 },
818 },
819 },
820 },
821 code => sub {
822 my ($param) = @_;
823
824 my $conf = PVE::QemuConfig->load_config($param->{vmid});
825
826 my $pending_delete_hash = PVE::QemuServer::split_flagged_list($conf->{pending}->{delete});
827
828 my $res = [];
829
830 foreach my $opt (keys %$conf) {
831 next if ref($conf->{$opt});
832 my $item = { key => $opt };
833 $item->{value} = $conf->{$opt} if defined($conf->{$opt});
834 $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
835 $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
836 push @$res, $item;
837 }
838
839 foreach my $opt (keys %{$conf->{pending}}) {
840 next if $opt eq 'delete';
841 next if ref($conf->{pending}->{$opt}); # just to be sure
842 next if defined($conf->{$opt});
843 my $item = { key => $opt };
844 $item->{pending} = $conf->{pending}->{$opt};
845 push @$res, $item;
846 }
847
848 while (my ($opt, $force) = each %$pending_delete_hash) {
849 next if $conf->{pending}->{$opt}; # just to be sure
850 next if $conf->{$opt};
851 my $item = { key => $opt, delete => ($force ? 2 : 1)};
852 push @$res, $item;
853 }
854
855 return $res;
856 }});
857
858 # POST/PUT {vmid}/config implementation
859 #
860 # The original API used PUT (idempotent) an we assumed that all operations
861 # are fast. But it turned out that almost any configuration change can
862 # involve hot-plug actions, or disk alloc/free. Such actions can take long
863 # time to complete and have side effects (not idempotent).
864 #
865 # The new implementation uses POST and forks a worker process. We added
866 # a new option 'background_delay'. If specified we wait up to
867 # 'background_delay' second for the worker task to complete. It returns null
868 # if the task is finished within that time, else we return the UPID.
869
870 my $update_vm_api = sub {
871 my ($param, $sync) = @_;
872
873 my $rpcenv = PVE::RPCEnvironment::get();
874
875 my $authuser = $rpcenv->get_user();
876
877 my $node = extract_param($param, 'node');
878
879 my $vmid = extract_param($param, 'vmid');
880
881 my $digest = extract_param($param, 'digest');
882
883 my $background_delay = extract_param($param, 'background_delay');
884
885 my @paramarr = (); # used for log message
886 foreach my $key (keys %$param) {
887 push @paramarr, "-$key", $param->{$key};
888 }
889
890 my $skiplock = extract_param($param, 'skiplock');
891 raise_param_exc({ skiplock => "Only root may use this option." })
892 if $skiplock && $authuser ne 'root@pam';
893
894 my $delete_str = extract_param($param, 'delete');
895
896 my $revert_str = extract_param($param, 'revert');
897
898 my $force = extract_param($param, 'force');
899
900 die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
901
902 my $storecfg = PVE::Storage::config();
903
904 my $defaults = PVE::QemuServer::load_defaults();
905
906 &$resolve_cdrom_alias($param);
907
908 # now try to verify all parameters
909
910 my $revert = {};
911 foreach my $opt (PVE::Tools::split_list($revert_str)) {
912 if (!PVE::QemuServer::option_exists($opt)) {
913 raise_param_exc({ revert => "unknown option '$opt'" });
914 }
915
916 raise_param_exc({ delete => "you can't use '-$opt' and " .
917 "-revert $opt' at the same time" })
918 if defined($param->{$opt});
919
920 $revert->{$opt} = 1;
921 }
922
923 my @delete = ();
924 foreach my $opt (PVE::Tools::split_list($delete_str)) {
925 $opt = 'ide2' if $opt eq 'cdrom';
926
927 raise_param_exc({ delete => "you can't use '-$opt' and " .
928 "-delete $opt' at the same time" })
929 if defined($param->{$opt});
930
931 raise_param_exc({ revert => "you can't use '-delete $opt' and " .
932 "-revert $opt' at the same time" })
933 if $revert->{$opt};
934
935 if (!PVE::QemuServer::option_exists($opt)) {
936 raise_param_exc({ delete => "unknown option '$opt'" });
937 }
938
939 push @delete, $opt;
940 }
941
942 foreach my $opt (keys %$param) {
943 if (PVE::QemuServer::is_valid_drivename($opt)) {
944 # cleanup drive path
945 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
946 raise_param_exc({ $opt => "unable to parse drive options" }) if !$drive;
947 PVE::QemuServer::cleanup_drive_path($opt, $storecfg, $drive);
948 $param->{$opt} = PVE::QemuServer::print_drive($vmid, $drive);
949 } elsif ($opt =~ m/^net(\d+)$/) {
950 # add macaddr
951 my $net = PVE::QemuServer::parse_net($param->{$opt});
952 $param->{$opt} = PVE::QemuServer::print_net($net);
953 }
954 }
955
956 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [@delete]);
957
958 &$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
959
960 &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
961
962 my $updatefn = sub {
963
964 my $conf = PVE::QemuConfig->load_config($vmid);
965
966 die "checksum missmatch (file change by other user?)\n"
967 if $digest && $digest ne $conf->{digest};
968
969 PVE::QemuConfig->check_lock($conf) if !$skiplock;
970
971 foreach my $opt (keys %$revert) {
972 if (defined($conf->{$opt})) {
973 $param->{$opt} = $conf->{$opt};
974 } elsif (defined($conf->{pending}->{$opt})) {
975 push @delete, $opt;
976 }
977 }
978
979 if ($param->{memory} || defined($param->{balloon})) {
980 my $maxmem = $param->{memory} || $conf->{pending}->{memory} || $conf->{memory} || $defaults->{memory};
981 my $balloon = defined($param->{balloon}) ? $param->{balloon} : $conf->{pending}->{balloon} || $conf->{balloon};
982
983 die "balloon value too large (must be smaller than assigned memory)\n"
984 if $balloon && $balloon > $maxmem;
985 }
986
987 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: " . join (' ', @paramarr));
988
989 my $worker = sub {
990
991 print "update VM $vmid: " . join (' ', @paramarr) . "\n";
992
993 # write updates to pending section
994
995 my $modified = {}; # record what $option we modify
996
997 foreach my $opt (@delete) {
998 $modified->{$opt} = 1;
999 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1000 if ($opt =~ m/^unused/) {
1001 my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
1002 PVE::QemuConfig->check_protection($conf, "can't remove unused disk '$drive->{file}'");
1003 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1004 if (PVE::QemuServer::try_deallocate_drive($storecfg, $vmid, $conf, $opt, $drive, $rpcenv, $authuser)) {
1005 delete $conf->{$opt};
1006 PVE::QemuConfig->write_config($vmid, $conf);
1007 }
1008 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
1009 PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
1010 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1011 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1012 if defined($conf->{pending}->{$opt});
1013 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1014 PVE::QemuConfig->write_config($vmid, $conf);
1015 } else {
1016 PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
1017 PVE::QemuConfig->write_config($vmid, $conf);
1018 }
1019 }
1020
1021 foreach my $opt (keys %$param) { # add/change
1022 $modified->{$opt} = 1;
1023 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1024 next if defined($conf->{pending}->{$opt}) && ($param->{$opt} eq $conf->{pending}->{$opt}); # skip if nothing changed
1025
1026 if (PVE::QemuServer::is_valid_drivename($opt)) {
1027 my $drive = PVE::QemuServer::parse_drive($opt, $param->{$opt});
1028 if (PVE::QemuServer::drive_is_cdrom($drive)) { # CDROM
1029 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
1030 } else {
1031 $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
1032 }
1033 PVE::QemuServer::vmconfig_register_unused_drive($storecfg, $vmid, $conf, PVE::QemuServer::parse_drive($opt, $conf->{pending}->{$opt}))
1034 if defined($conf->{pending}->{$opt});
1035
1036 &$create_disks($rpcenv, $authuser, $conf->{pending}, $storecfg, $vmid, undef, {$opt => $param->{$opt}});
1037 } else {
1038 $conf->{pending}->{$opt} = $param->{$opt};
1039 }
1040 PVE::QemuServer::vmconfig_undelete_pending_option($conf, $opt);
1041 PVE::QemuConfig->write_config($vmid, $conf);
1042 }
1043
1044 # remove pending changes when nothing changed
1045 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1046 my $changes = PVE::QemuServer::vmconfig_cleanup_pending($conf);
1047 PVE::QemuConfig->write_config($vmid, $conf) if $changes;
1048
1049 return if !scalar(keys %{$conf->{pending}});
1050
1051 my $running = PVE::QemuServer::check_running($vmid);
1052
1053 # apply pending changes
1054
1055 $conf = PVE::QemuConfig->load_config($vmid); # update/reload
1056
1057 if ($running) {
1058 my $errors = {};
1059 PVE::QemuServer::vmconfig_hotplug_pending($vmid, $conf, $storecfg, $modified, $errors);
1060 raise_param_exc($errors) if scalar(keys %$errors);
1061 } else {
1062 PVE::QemuServer::vmconfig_apply_pending($vmid, $conf, $storecfg, $running);
1063 }
1064
1065 return;
1066 };
1067
1068 if ($sync) {
1069 &$worker();
1070 return undef;
1071 } else {
1072 my $upid = $rpcenv->fork_worker('qmconfig', $vmid, $authuser, $worker);
1073
1074 if ($background_delay) {
1075
1076 # Note: It would be better to do that in the Event based HTTPServer
1077 # to avoid blocking call to sleep.
1078
1079 my $end_time = time() + $background_delay;
1080
1081 my $task = PVE::Tools::upid_decode($upid);
1082
1083 my $running = 1;
1084 while (time() < $end_time) {
1085 $running = PVE::ProcFSTools::check_process_running($task->{pid}, $task->{pstart});
1086 last if !$running;
1087 sleep(1); # this gets interrupted when child process ends
1088 }
1089
1090 if (!$running) {
1091 my $status = PVE::Tools::upid_read_status($upid);
1092 return undef if $status eq 'OK';
1093 die $status;
1094 }
1095 }
1096
1097 return $upid;
1098 }
1099 };
1100
1101 return PVE::QemuConfig->lock_config($vmid, $updatefn);
1102 };
1103
1104 my $vm_config_perm_list = [
1105 'VM.Config.Disk',
1106 'VM.Config.CDROM',
1107 'VM.Config.CPU',
1108 'VM.Config.Memory',
1109 'VM.Config.Network',
1110 'VM.Config.HWType',
1111 'VM.Config.Options',
1112 ];
1113
1114 __PACKAGE__->register_method({
1115 name => 'update_vm_async',
1116 path => '{vmid}/config',
1117 method => 'POST',
1118 protected => 1,
1119 proxyto => 'node',
1120 description => "Set virtual machine options (asynchrounous API).",
1121 permissions => {
1122 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1123 },
1124 parameters => {
1125 additionalProperties => 0,
1126 properties => PVE::QemuServer::json_config_properties(
1127 {
1128 node => get_standard_option('pve-node'),
1129 vmid => get_standard_option('pve-vmid'),
1130 skiplock => get_standard_option('skiplock'),
1131 delete => {
1132 type => 'string', format => 'pve-configid-list',
1133 description => "A list of settings you want to delete.",
1134 optional => 1,
1135 },
1136 revert => {
1137 type => 'string', format => 'pve-configid-list',
1138 description => "Revert a pending change.",
1139 optional => 1,
1140 },
1141 force => {
1142 type => 'boolean',
1143 description => $opt_force_description,
1144 optional => 1,
1145 requires => 'delete',
1146 },
1147 digest => {
1148 type => 'string',
1149 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1150 maxLength => 40,
1151 optional => 1,
1152 },
1153 background_delay => {
1154 type => 'integer',
1155 description => "Time to wait for the task to finish. We return 'null' if the task finish within that time.",
1156 minimum => 1,
1157 maximum => 30,
1158 optional => 1,
1159 },
1160 }),
1161 },
1162 returns => {
1163 type => 'string',
1164 optional => 1,
1165 },
1166 code => $update_vm_api,
1167 });
1168
1169 __PACKAGE__->register_method({
1170 name => 'update_vm',
1171 path => '{vmid}/config',
1172 method => 'PUT',
1173 protected => 1,
1174 proxyto => 'node',
1175 description => "Set virtual machine options (synchrounous API) - You should consider using the POST method instead for any actions involving hotplug or storage allocation.",
1176 permissions => {
1177 check => ['perm', '/vms/{vmid}', $vm_config_perm_list, any => 1],
1178 },
1179 parameters => {
1180 additionalProperties => 0,
1181 properties => PVE::QemuServer::json_config_properties(
1182 {
1183 node => get_standard_option('pve-node'),
1184 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1185 skiplock => get_standard_option('skiplock'),
1186 delete => {
1187 type => 'string', format => 'pve-configid-list',
1188 description => "A list of settings you want to delete.",
1189 optional => 1,
1190 },
1191 revert => {
1192 type => 'string', format => 'pve-configid-list',
1193 description => "Revert a pending change.",
1194 optional => 1,
1195 },
1196 force => {
1197 type => 'boolean',
1198 description => $opt_force_description,
1199 optional => 1,
1200 requires => 'delete',
1201 },
1202 digest => {
1203 type => 'string',
1204 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
1205 maxLength => 40,
1206 optional => 1,
1207 },
1208 }),
1209 },
1210 returns => { type => 'null' },
1211 code => sub {
1212 my ($param) = @_;
1213 &$update_vm_api($param, 1);
1214 return undef;
1215 }
1216 });
1217
1218
1219 __PACKAGE__->register_method({
1220 name => 'destroy_vm',
1221 path => '{vmid}',
1222 method => 'DELETE',
1223 protected => 1,
1224 proxyto => 'node',
1225 description => "Destroy the vm (also delete all used/owned volumes).",
1226 permissions => {
1227 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
1228 },
1229 parameters => {
1230 additionalProperties => 0,
1231 properties => {
1232 node => get_standard_option('pve-node'),
1233 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1234 skiplock => get_standard_option('skiplock'),
1235 },
1236 },
1237 returns => {
1238 type => 'string',
1239 },
1240 code => sub {
1241 my ($param) = @_;
1242
1243 my $rpcenv = PVE::RPCEnvironment::get();
1244
1245 my $authuser = $rpcenv->get_user();
1246
1247 my $vmid = $param->{vmid};
1248
1249 my $skiplock = $param->{skiplock};
1250 raise_param_exc({ skiplock => "Only root may use this option." })
1251 if $skiplock && $authuser ne 'root@pam';
1252
1253 # test if VM exists
1254 my $conf = PVE::QemuConfig->load_config($vmid);
1255
1256 my $storecfg = PVE::Storage::config();
1257
1258 PVE::QemuConfig->check_protection($conf, "can't remove VM $vmid");
1259
1260 die "unable to remove VM $vmid - used in HA resources\n"
1261 if PVE::HA::Config::vm_is_ha_managed($vmid);
1262
1263 # early tests (repeat after locking)
1264 die "VM $vmid is running - destroy failed\n"
1265 if PVE::QemuServer::check_running($vmid);
1266
1267 my $realcmd = sub {
1268 my $upid = shift;
1269
1270 syslog('info', "destroy VM $vmid: $upid\n");
1271
1272 PVE::QemuServer::vm_destroy($storecfg, $vmid, $skiplock);
1273
1274 PVE::AccessControl::remove_vm_access($vmid);
1275
1276 PVE::Firewall::remove_vmfw_conf($vmid);
1277 };
1278
1279 return $rpcenv->fork_worker('qmdestroy', $vmid, $authuser, $realcmd);
1280 }});
1281
1282 __PACKAGE__->register_method({
1283 name => 'unlink',
1284 path => '{vmid}/unlink',
1285 method => 'PUT',
1286 protected => 1,
1287 proxyto => 'node',
1288 description => "Unlink/delete disk images.",
1289 permissions => {
1290 check => [ 'perm', '/vms/{vmid}', ['VM.Config.Disk']],
1291 },
1292 parameters => {
1293 additionalProperties => 0,
1294 properties => {
1295 node => get_standard_option('pve-node'),
1296 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
1297 idlist => {
1298 type => 'string', format => 'pve-configid-list',
1299 description => "A list of disk IDs you want to delete.",
1300 },
1301 force => {
1302 type => 'boolean',
1303 description => $opt_force_description,
1304 optional => 1,
1305 },
1306 },
1307 },
1308 returns => { type => 'null'},
1309 code => sub {
1310 my ($param) = @_;
1311
1312 $param->{delete} = extract_param($param, 'idlist');
1313
1314 __PACKAGE__->update_vm($param);
1315
1316 return undef;
1317 }});
1318
1319 my $sslcert;
1320
1321 __PACKAGE__->register_method({
1322 name => 'vncproxy',
1323 path => '{vmid}/vncproxy',
1324 method => 'POST',
1325 protected => 1,
1326 permissions => {
1327 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1328 },
1329 description => "Creates a TCP VNC proxy connections.",
1330 parameters => {
1331 additionalProperties => 0,
1332 properties => {
1333 node => get_standard_option('pve-node'),
1334 vmid => get_standard_option('pve-vmid'),
1335 websocket => {
1336 optional => 1,
1337 type => 'boolean',
1338 description => "starts websockify instead of vncproxy",
1339 },
1340 },
1341 },
1342 returns => {
1343 additionalProperties => 0,
1344 properties => {
1345 user => { type => 'string' },
1346 ticket => { type => 'string' },
1347 cert => { type => 'string' },
1348 port => { type => 'integer' },
1349 upid => { type => 'string' },
1350 },
1351 },
1352 code => sub {
1353 my ($param) = @_;
1354
1355 my $rpcenv = PVE::RPCEnvironment::get();
1356
1357 my $authuser = $rpcenv->get_user();
1358
1359 my $vmid = $param->{vmid};
1360 my $node = $param->{node};
1361 my $websocket = $param->{websocket};
1362
1363 my $conf = PVE::QemuConfig->load_config($vmid, $node); # check if VM exists
1364
1365 my $authpath = "/vms/$vmid";
1366
1367 my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
1368
1369 $sslcert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192)
1370 if !$sslcert;
1371
1372 my ($remip, $family);
1373 my $remcmd = [];
1374
1375 if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
1376 ($remip, $family) = PVE::Cluster::remote_node_ip($node);
1377 # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure
1378 $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip];
1379 } else {
1380 $family = PVE::Tools::get_host_address_family($node);
1381 }
1382
1383 my $port = PVE::Tools::next_vnc_port($family);
1384
1385 my $timeout = 10;
1386
1387 my $realcmd = sub {
1388 my $upid = shift;
1389
1390 syslog('info', "starting vnc proxy $upid\n");
1391
1392 my $cmd;
1393
1394 if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
1395
1396 die "Websocket mode is not supported in vga serial mode!" if $websocket;
1397
1398 my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
1399 #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
1400 $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
1401 '-timeout', $timeout, '-authpath', $authpath,
1402 '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
1403 } else {
1404
1405 $ENV{LC_PVE_TICKET} = $ticket if $websocket; # set ticket with "qm vncproxy"
1406
1407 my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
1408
1409 my $qmstr = join(' ', @$qmcmd);
1410
1411 # also redirect stderr (else we get RFB protocol errors)
1412 $cmd = ['/bin/nc6', '-l', '-p', $port, '-w', $timeout, '-e', "$qmstr 2>/dev/null"];
1413 }
1414
1415 PVE::Tools::run_command($cmd);
1416
1417 return;
1418 };
1419
1420 my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd);
1421
1422 PVE::Tools::wait_for_vnc_port($port);
1423
1424 return {
1425 user => $authuser,
1426 ticket => $ticket,
1427 port => $port,
1428 upid => $upid,
1429 cert => $sslcert,
1430 };
1431 }});
1432
1433 __PACKAGE__->register_method({
1434 name => 'vncwebsocket',
1435 path => '{vmid}/vncwebsocket',
1436 method => 'GET',
1437 permissions => {
1438 description => "You also need to pass a valid ticket (vncticket).",
1439 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1440 },
1441 description => "Opens a weksocket for VNC traffic.",
1442 parameters => {
1443 additionalProperties => 0,
1444 properties => {
1445 node => get_standard_option('pve-node'),
1446 vmid => get_standard_option('pve-vmid'),
1447 vncticket => {
1448 description => "Ticket from previous call to vncproxy.",
1449 type => 'string',
1450 maxLength => 512,
1451 },
1452 port => {
1453 description => "Port number returned by previous vncproxy call.",
1454 type => 'integer',
1455 minimum => 5900,
1456 maximum => 5999,
1457 },
1458 },
1459 },
1460 returns => {
1461 type => "object",
1462 properties => {
1463 port => { type => 'string' },
1464 },
1465 },
1466 code => sub {
1467 my ($param) = @_;
1468
1469 my $rpcenv = PVE::RPCEnvironment::get();
1470
1471 my $authuser = $rpcenv->get_user();
1472
1473 my $vmid = $param->{vmid};
1474 my $node = $param->{node};
1475
1476 my $authpath = "/vms/$vmid";
1477
1478 PVE::AccessControl::verify_vnc_ticket($param->{vncticket}, $authuser, $authpath);
1479
1480 my $conf = PVE::QemuConfig->load_config($vmid, $node); # VM exists ?
1481
1482 # Note: VNC ports are acessible from outside, so we do not gain any
1483 # security if we verify that $param->{port} belongs to VM $vmid. This
1484 # check is done by verifying the VNC ticket (inside VNC protocol).
1485
1486 my $port = $param->{port};
1487
1488 return { port => $port };
1489 }});
1490
1491 __PACKAGE__->register_method({
1492 name => 'spiceproxy',
1493 path => '{vmid}/spiceproxy',
1494 method => 'POST',
1495 protected => 1,
1496 proxyto => 'node',
1497 permissions => {
1498 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
1499 },
1500 description => "Returns a SPICE configuration to connect to the VM.",
1501 parameters => {
1502 additionalProperties => 0,
1503 properties => {
1504 node => get_standard_option('pve-node'),
1505 vmid => get_standard_option('pve-vmid'),
1506 proxy => get_standard_option('spice-proxy', { optional => 1 }),
1507 },
1508 },
1509 returns => get_standard_option('remote-viewer-config'),
1510 code => sub {
1511 my ($param) = @_;
1512
1513 my $rpcenv = PVE::RPCEnvironment::get();
1514
1515 my $authuser = $rpcenv->get_user();
1516
1517 my $vmid = $param->{vmid};
1518 my $node = $param->{node};
1519 my $proxy = $param->{proxy};
1520
1521 my $conf = PVE::QemuConfig->load_config($vmid, $node);
1522 my $title = "VM $vmid";
1523 $title .= " - ". $conf->{name} if $conf->{name};
1524
1525 my $port = PVE::QemuServer::spice_port($vmid);
1526
1527 my ($ticket, undef, $remote_viewer_config) =
1528 PVE::AccessControl::remote_viewer_config($authuser, $vmid, $node, $proxy, $title, $port);
1529
1530 PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
1531 PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
1532
1533 return $remote_viewer_config;
1534 }});
1535
1536 __PACKAGE__->register_method({
1537 name => 'vmcmdidx',
1538 path => '{vmid}/status',
1539 method => 'GET',
1540 proxyto => 'node',
1541 description => "Directory index",
1542 permissions => {
1543 user => 'all',
1544 },
1545 parameters => {
1546 additionalProperties => 0,
1547 properties => {
1548 node => get_standard_option('pve-node'),
1549 vmid => get_standard_option('pve-vmid'),
1550 },
1551 },
1552 returns => {
1553 type => 'array',
1554 items => {
1555 type => "object",
1556 properties => {
1557 subdir => { type => 'string' },
1558 },
1559 },
1560 links => [ { rel => 'child', href => "{subdir}" } ],
1561 },
1562 code => sub {
1563 my ($param) = @_;
1564
1565 # test if VM exists
1566 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1567
1568 my $res = [
1569 { subdir => 'current' },
1570 { subdir => 'start' },
1571 { subdir => 'stop' },
1572 ];
1573
1574 return $res;
1575 }});
1576
1577 __PACKAGE__->register_method({
1578 name => 'vm_status',
1579 path => '{vmid}/status/current',
1580 method => 'GET',
1581 proxyto => 'node',
1582 protected => 1, # qemu pid files are only readable by root
1583 description => "Get virtual machine status.",
1584 permissions => {
1585 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
1586 },
1587 parameters => {
1588 additionalProperties => 0,
1589 properties => {
1590 node => get_standard_option('pve-node'),
1591 vmid => get_standard_option('pve-vmid'),
1592 },
1593 },
1594 returns => { type => 'object' },
1595 code => sub {
1596 my ($param) = @_;
1597
1598 # test if VM exists
1599 my $conf = PVE::QemuConfig->load_config($param->{vmid});
1600
1601 my $vmstatus = PVE::QemuServer::vmstatus($param->{vmid}, 1);
1602 my $status = $vmstatus->{$param->{vmid}};
1603
1604 $status->{ha} = PVE::HA::Config::get_service_status("vm:$param->{vmid}");
1605
1606 $status->{spice} = 1 if PVE::QemuServer::vga_conf_has_spice($conf->{vga});
1607
1608 return $status;
1609 }});
1610
1611 __PACKAGE__->register_method({
1612 name => 'vm_start',
1613 path => '{vmid}/status/start',
1614 method => 'POST',
1615 protected => 1,
1616 proxyto => 'node',
1617 description => "Start virtual machine.",
1618 permissions => {
1619 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1620 },
1621 parameters => {
1622 additionalProperties => 0,
1623 properties => {
1624 node => get_standard_option('pve-node'),
1625 vmid => get_standard_option('pve-vmid',
1626 { completion => \&PVE::QemuServer::complete_vmid_stopped }),
1627 skiplock => get_standard_option('skiplock'),
1628 stateuri => get_standard_option('pve-qm-stateuri'),
1629 migratedfrom => get_standard_option('pve-node',{ optional => 1 }),
1630 migration_type => {
1631 type => 'string',
1632 enum => ['secure', 'insecure'],
1633 description => "Migration traffic is encrypted using an SSH " .
1634 "tunnel by default. On secure, completely private networks " .
1635 "this can be disabled to increase performance.",
1636 optional => 1,
1637 },
1638 migration_network => {
1639 type => 'string', format => 'CIDR',
1640 description => "CIDR of the (sub) network that is used for migration.",
1641 optional => 1,
1642 },
1643 machine => get_standard_option('pve-qm-machine'),
1644 },
1645 },
1646 returns => {
1647 type => 'string',
1648 },
1649 code => sub {
1650 my ($param) = @_;
1651
1652 my $rpcenv = PVE::RPCEnvironment::get();
1653
1654 my $authuser = $rpcenv->get_user();
1655
1656 my $node = extract_param($param, 'node');
1657
1658 my $vmid = extract_param($param, 'vmid');
1659
1660 my $machine = extract_param($param, 'machine');
1661
1662 my $stateuri = extract_param($param, 'stateuri');
1663 raise_param_exc({ stateuri => "Only root may use this option." })
1664 if $stateuri && $authuser ne 'root@pam';
1665
1666 my $skiplock = extract_param($param, 'skiplock');
1667 raise_param_exc({ skiplock => "Only root may use this option." })
1668 if $skiplock && $authuser ne 'root@pam';
1669
1670 my $migratedfrom = extract_param($param, 'migratedfrom');
1671 raise_param_exc({ migratedfrom => "Only root may use this option." })
1672 if $migratedfrom && $authuser ne 'root@pam';
1673
1674 my $migration_type = extract_param($param, 'migration_type');
1675 raise_param_exc({ migration_type => "Only root may use this option." })
1676 if $migration_type && $authuser ne 'root@pam';
1677
1678 my $migration_network = extract_param($param, 'migration_network');
1679 raise_param_exc({ migration_network => "Only root may use this option." })
1680 if $migration_network && $authuser ne 'root@pam';
1681
1682 # read spice ticket from STDIN
1683 my $spice_ticket;
1684 if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
1685 if (defined(my $line = <>)) {
1686 chomp $line;
1687 $spice_ticket = $line;
1688 }
1689 }
1690
1691 PVE::Cluster::check_cfs_quorum();
1692
1693 my $storecfg = PVE::Storage::config();
1694
1695 if (PVE::HA::Config::vm_is_ha_managed($vmid) && !$stateuri &&
1696 $rpcenv->{type} ne 'ha') {
1697
1698 my $hacmd = sub {
1699 my $upid = shift;
1700
1701 my $service = "vm:$vmid";
1702
1703 my $cmd = ['ha-manager', 'set', $service, '--state', 'started'];
1704
1705 print "Executing HA start for VM $vmid\n";
1706
1707 PVE::Tools::run_command($cmd);
1708
1709 return;
1710 };
1711
1712 return $rpcenv->fork_worker('hastart', $vmid, $authuser, $hacmd);
1713
1714 } else {
1715
1716 my $realcmd = sub {
1717 my $upid = shift;
1718
1719 syslog('info', "start VM $vmid: $upid\n");
1720
1721 PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef,
1722 $machine, $spice_ticket, $migration_network, $migration_type);
1723
1724 return;
1725 };
1726
1727 return $rpcenv->fork_worker('qmstart', $vmid, $authuser, $realcmd);
1728 }
1729 }});
1730
1731 __PACKAGE__->register_method({
1732 name => 'vm_stop',
1733 path => '{vmid}/status/stop',
1734 method => 'POST',
1735 protected => 1,
1736 proxyto => 'node',
1737 description => "Stop virtual machine. The qemu process will exit immediately. This" .
1738 "is akin to pulling the power plug of a running computer and may damage the VM data",
1739 permissions => {
1740 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1741 },
1742 parameters => {
1743 additionalProperties => 0,
1744 properties => {
1745 node => get_standard_option('pve-node'),
1746 vmid => get_standard_option('pve-vmid',
1747 { completion => \&PVE::QemuServer::complete_vmid_running }),
1748 skiplock => get_standard_option('skiplock'),
1749 migratedfrom => get_standard_option('pve-node', { optional => 1 }),
1750 timeout => {
1751 description => "Wait maximal timeout seconds.",
1752 type => 'integer',
1753 minimum => 0,
1754 optional => 1,
1755 },
1756 keepActive => {
1757 description => "Do not deactivate storage volumes.",
1758 type => 'boolean',
1759 optional => 1,
1760 default => 0,
1761 }
1762 },
1763 },
1764 returns => {
1765 type => 'string',
1766 },
1767 code => sub {
1768 my ($param) = @_;
1769
1770 my $rpcenv = PVE::RPCEnvironment::get();
1771
1772 my $authuser = $rpcenv->get_user();
1773
1774 my $node = extract_param($param, 'node');
1775
1776 my $vmid = extract_param($param, 'vmid');
1777
1778 my $skiplock = extract_param($param, 'skiplock');
1779 raise_param_exc({ skiplock => "Only root may use this option." })
1780 if $skiplock && $authuser ne 'root@pam';
1781
1782 my $keepActive = extract_param($param, 'keepActive');
1783 raise_param_exc({ keepActive => "Only root may use this option." })
1784 if $keepActive && $authuser ne 'root@pam';
1785
1786 my $migratedfrom = extract_param($param, 'migratedfrom');
1787 raise_param_exc({ migratedfrom => "Only root may use this option." })
1788 if $migratedfrom && $authuser ne 'root@pam';
1789
1790
1791 my $storecfg = PVE::Storage::config();
1792
1793 if (PVE::HA::Config::vm_is_ha_managed($vmid) && ($rpcenv->{type} ne 'ha') && !defined($migratedfrom)) {
1794
1795 my $hacmd = sub {
1796 my $upid = shift;
1797
1798 my $service = "vm:$vmid";
1799
1800 my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
1801
1802 print "Executing HA stop for VM $vmid\n";
1803
1804 PVE::Tools::run_command($cmd);
1805
1806 return;
1807 };
1808
1809 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1810
1811 } else {
1812 my $realcmd = sub {
1813 my $upid = shift;
1814
1815 syslog('info', "stop VM $vmid: $upid\n");
1816
1817 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0,
1818 $param->{timeout}, 0, 1, $keepActive, $migratedfrom);
1819
1820 return;
1821 };
1822
1823 return $rpcenv->fork_worker('qmstop', $vmid, $authuser, $realcmd);
1824 }
1825 }});
1826
1827 __PACKAGE__->register_method({
1828 name => 'vm_reset',
1829 path => '{vmid}/status/reset',
1830 method => 'POST',
1831 protected => 1,
1832 proxyto => 'node',
1833 description => "Reset virtual machine.",
1834 permissions => {
1835 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1836 },
1837 parameters => {
1838 additionalProperties => 0,
1839 properties => {
1840 node => get_standard_option('pve-node'),
1841 vmid => get_standard_option('pve-vmid',
1842 { completion => \&PVE::QemuServer::complete_vmid_running }),
1843 skiplock => get_standard_option('skiplock'),
1844 },
1845 },
1846 returns => {
1847 type => 'string',
1848 },
1849 code => sub {
1850 my ($param) = @_;
1851
1852 my $rpcenv = PVE::RPCEnvironment::get();
1853
1854 my $authuser = $rpcenv->get_user();
1855
1856 my $node = extract_param($param, 'node');
1857
1858 my $vmid = extract_param($param, 'vmid');
1859
1860 my $skiplock = extract_param($param, 'skiplock');
1861 raise_param_exc({ skiplock => "Only root may use this option." })
1862 if $skiplock && $authuser ne 'root@pam';
1863
1864 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
1865
1866 my $realcmd = sub {
1867 my $upid = shift;
1868
1869 PVE::QemuServer::vm_reset($vmid, $skiplock);
1870
1871 return;
1872 };
1873
1874 return $rpcenv->fork_worker('qmreset', $vmid, $authuser, $realcmd);
1875 }});
1876
1877 __PACKAGE__->register_method({
1878 name => 'vm_shutdown',
1879 path => '{vmid}/status/shutdown',
1880 method => 'POST',
1881 protected => 1,
1882 proxyto => 'node',
1883 description => "Shutdown virtual machine. This is similar to pressing the power button on a physical machine." .
1884 "This will send an ACPI event for the guest OS, which should then proceed to a clean shutdown.",
1885 permissions => {
1886 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
1887 },
1888 parameters => {
1889 additionalProperties => 0,
1890 properties => {
1891 node => get_standard_option('pve-node'),
1892 vmid => get_standard_option('pve-vmid',
1893 { completion => \&PVE::QemuServer::complete_vmid_running }),
1894 skiplock => get_standard_option('skiplock'),
1895 timeout => {
1896 description => "Wait maximal timeout seconds.",
1897 type => 'integer',
1898 minimum => 0,
1899 optional => 1,
1900 },
1901 forceStop => {
1902 description => "Make sure the VM stops.",
1903 type => 'boolean',
1904 optional => 1,
1905 default => 0,
1906 },
1907 keepActive => {
1908 description => "Do not deactivate storage volumes.",
1909 type => 'boolean',
1910 optional => 1,
1911 default => 0,
1912 }
1913 },
1914 },
1915 returns => {
1916 type => 'string',
1917 },
1918 code => sub {
1919 my ($param) = @_;
1920
1921 my $rpcenv = PVE::RPCEnvironment::get();
1922
1923 my $authuser = $rpcenv->get_user();
1924
1925 my $node = extract_param($param, 'node');
1926
1927 my $vmid = extract_param($param, 'vmid');
1928
1929 my $skiplock = extract_param($param, 'skiplock');
1930 raise_param_exc({ skiplock => "Only root may use this option." })
1931 if $skiplock && $authuser ne 'root@pam';
1932
1933 my $keepActive = extract_param($param, 'keepActive');
1934 raise_param_exc({ keepActive => "Only root may use this option." })
1935 if $keepActive && $authuser ne 'root@pam';
1936
1937 my $storecfg = PVE::Storage::config();
1938
1939 my $shutdown = 1;
1940
1941 # if vm is paused, do not shutdown (but stop if forceStop = 1)
1942 # otherwise, we will infer a shutdown command, but run into the timeout,
1943 # then when the vm is resumed, it will instantly shutdown
1944 #
1945 # checking the qmp status here to get feedback to the gui/cli/api
1946 # and the status query should not take too long
1947 my $qmpstatus;
1948 eval {
1949 $qmpstatus = PVE::QemuServer::vm_qmp_command($vmid, { execute => "query-status" }, 0);
1950 };
1951 my $err = $@ if $@;
1952
1953 if (!$err && $qmpstatus->{status} eq "paused") {
1954 if ($param->{forceStop}) {
1955 warn "VM is paused - stop instead of shutdown\n";
1956 $shutdown = 0;
1957 } else {
1958 die "VM is paused - cannot shutdown\n";
1959 }
1960 }
1961
1962 if (PVE::HA::Config::vm_is_ha_managed($vmid) &&
1963 ($rpcenv->{type} ne 'ha')) {
1964
1965 my $hacmd = sub {
1966 my $upid = shift;
1967
1968 my $service = "vm:$vmid";
1969
1970 my $cmd = ['ha-manager', 'set', $service, '--state', 'stopped'];
1971
1972 print "Executing HA stop for VM $vmid\n";
1973
1974 PVE::Tools::run_command($cmd);
1975
1976 return;
1977 };
1978
1979 return $rpcenv->fork_worker('hastop', $vmid, $authuser, $hacmd);
1980
1981 } else {
1982
1983 my $realcmd = sub {
1984 my $upid = shift;
1985
1986 syslog('info', "shutdown VM $vmid: $upid\n");
1987
1988 PVE::QemuServer::vm_stop($storecfg, $vmid, $skiplock, 0, $param->{timeout},
1989 $shutdown, $param->{forceStop}, $keepActive);
1990
1991 return;
1992 };
1993
1994 return $rpcenv->fork_worker('qmshutdown', $vmid, $authuser, $realcmd);
1995 }
1996 }});
1997
1998 __PACKAGE__->register_method({
1999 name => 'vm_suspend',
2000 path => '{vmid}/status/suspend',
2001 method => 'POST',
2002 protected => 1,
2003 proxyto => 'node',
2004 description => "Suspend virtual machine.",
2005 permissions => {
2006 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2007 },
2008 parameters => {
2009 additionalProperties => 0,
2010 properties => {
2011 node => get_standard_option('pve-node'),
2012 vmid => get_standard_option('pve-vmid',
2013 { completion => \&PVE::QemuServer::complete_vmid_running }),
2014 skiplock => get_standard_option('skiplock'),
2015 },
2016 },
2017 returns => {
2018 type => 'string',
2019 },
2020 code => sub {
2021 my ($param) = @_;
2022
2023 my $rpcenv = PVE::RPCEnvironment::get();
2024
2025 my $authuser = $rpcenv->get_user();
2026
2027 my $node = extract_param($param, 'node');
2028
2029 my $vmid = extract_param($param, 'vmid');
2030
2031 my $skiplock = extract_param($param, 'skiplock');
2032 raise_param_exc({ skiplock => "Only root may use this option." })
2033 if $skiplock && $authuser ne 'root@pam';
2034
2035 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid);
2036
2037 my $realcmd = sub {
2038 my $upid = shift;
2039
2040 syslog('info', "suspend VM $vmid: $upid\n");
2041
2042 PVE::QemuServer::vm_suspend($vmid, $skiplock);
2043
2044 return;
2045 };
2046
2047 return $rpcenv->fork_worker('qmsuspend', $vmid, $authuser, $realcmd);
2048 }});
2049
2050 __PACKAGE__->register_method({
2051 name => 'vm_resume',
2052 path => '{vmid}/status/resume',
2053 method => 'POST',
2054 protected => 1,
2055 proxyto => 'node',
2056 description => "Resume virtual machine.",
2057 permissions => {
2058 check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
2059 },
2060 parameters => {
2061 additionalProperties => 0,
2062 properties => {
2063 node => get_standard_option('pve-node'),
2064 vmid => get_standard_option('pve-vmid',
2065 { completion => \&PVE::QemuServer::complete_vmid_running }),
2066 skiplock => get_standard_option('skiplock'),
2067 nocheck => { type => 'boolean', optional => 1 },
2068
2069 },
2070 },
2071 returns => {
2072 type => 'string',
2073 },
2074 code => sub {
2075 my ($param) = @_;
2076
2077 my $rpcenv = PVE::RPCEnvironment::get();
2078
2079 my $authuser = $rpcenv->get_user();
2080
2081 my $node = extract_param($param, 'node');
2082
2083 my $vmid = extract_param($param, 'vmid');
2084
2085 my $skiplock = extract_param($param, 'skiplock');
2086 raise_param_exc({ skiplock => "Only root may use this option." })
2087 if $skiplock && $authuser ne 'root@pam';
2088
2089 my $nocheck = extract_param($param, 'nocheck');
2090
2091 die "VM $vmid not running\n" if !PVE::QemuServer::check_running($vmid, $nocheck);
2092
2093 my $realcmd = sub {
2094 my $upid = shift;
2095
2096 syslog('info', "resume VM $vmid: $upid\n");
2097
2098 PVE::QemuServer::vm_resume($vmid, $skiplock, $nocheck);
2099
2100 return;
2101 };
2102
2103 return $rpcenv->fork_worker('qmresume', $vmid, $authuser, $realcmd);
2104 }});
2105
2106 __PACKAGE__->register_method({
2107 name => 'vm_sendkey',
2108 path => '{vmid}/sendkey',
2109 method => 'PUT',
2110 protected => 1,
2111 proxyto => 'node',
2112 description => "Send key event to virtual machine.",
2113 permissions => {
2114 check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
2115 },
2116 parameters => {
2117 additionalProperties => 0,
2118 properties => {
2119 node => get_standard_option('pve-node'),
2120 vmid => get_standard_option('pve-vmid',
2121 { completion => \&PVE::QemuServer::complete_vmid_running }),
2122 skiplock => get_standard_option('skiplock'),
2123 key => {
2124 description => "The key (qemu monitor encoding).",
2125 type => 'string'
2126 }
2127 },
2128 },
2129 returns => { type => 'null'},
2130 code => sub {
2131 my ($param) = @_;
2132
2133 my $rpcenv = PVE::RPCEnvironment::get();
2134
2135 my $authuser = $rpcenv->get_user();
2136
2137 my $node = extract_param($param, 'node');
2138
2139 my $vmid = extract_param($param, 'vmid');
2140
2141 my $skiplock = extract_param($param, 'skiplock');
2142 raise_param_exc({ skiplock => "Only root may use this option." })
2143 if $skiplock && $authuser ne 'root@pam';
2144
2145 PVE::QemuServer::vm_sendkey($vmid, $skiplock, $param->{key});
2146
2147 return;
2148 }});
2149
2150 __PACKAGE__->register_method({
2151 name => 'vm_feature',
2152 path => '{vmid}/feature',
2153 method => 'GET',
2154 proxyto => 'node',
2155 protected => 1,
2156 description => "Check if feature for virtual machine is available.",
2157 permissions => {
2158 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2159 },
2160 parameters => {
2161 additionalProperties => 0,
2162 properties => {
2163 node => get_standard_option('pve-node'),
2164 vmid => get_standard_option('pve-vmid'),
2165 feature => {
2166 description => "Feature to check.",
2167 type => 'string',
2168 enum => [ 'snapshot', 'clone', 'copy' ],
2169 },
2170 snapname => get_standard_option('pve-snapshot-name', {
2171 optional => 1,
2172 }),
2173 },
2174 },
2175 returns => {
2176 type => "object",
2177 properties => {
2178 hasFeature => { type => 'boolean' },
2179 nodes => {
2180 type => 'array',
2181 items => { type => 'string' },
2182 }
2183 },
2184 },
2185 code => sub {
2186 my ($param) = @_;
2187
2188 my $node = extract_param($param, 'node');
2189
2190 my $vmid = extract_param($param, 'vmid');
2191
2192 my $snapname = extract_param($param, 'snapname');
2193
2194 my $feature = extract_param($param, 'feature');
2195
2196 my $running = PVE::QemuServer::check_running($vmid);
2197
2198 my $conf = PVE::QemuConfig->load_config($vmid);
2199
2200 if($snapname){
2201 my $snap = $conf->{snapshots}->{$snapname};
2202 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2203 $conf = $snap;
2204 }
2205 my $storecfg = PVE::Storage::config();
2206
2207 my $nodelist = PVE::QemuServer::shared_nodes($conf, $storecfg);
2208 my $hasFeature = PVE::QemuConfig->has_feature($feature, $conf, $storecfg, $snapname, $running);
2209
2210 return {
2211 hasFeature => $hasFeature,
2212 nodes => [ keys %$nodelist ],
2213 };
2214 }});
2215
2216 __PACKAGE__->register_method({
2217 name => 'clone_vm',
2218 path => '{vmid}/clone',
2219 method => 'POST',
2220 protected => 1,
2221 proxyto => 'node',
2222 description => "Create a copy of virtual machine/template.",
2223 permissions => {
2224 description => "You need 'VM.Clone' permissions on /vms/{vmid}, and 'VM.Allocate' permissions " .
2225 "on /vms/{newid} (or on the VM pool /pool/{pool}). You also need " .
2226 "'Datastore.AllocateSpace' on any used storage.",
2227 check =>
2228 [ 'and',
2229 ['perm', '/vms/{vmid}', [ 'VM.Clone' ]],
2230 [ 'or',
2231 [ 'perm', '/vms/{newid}', ['VM.Allocate']],
2232 [ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'],
2233 ],
2234 ]
2235 },
2236 parameters => {
2237 additionalProperties => 0,
2238 properties => {
2239 node => get_standard_option('pve-node'),
2240 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2241 newid => get_standard_option('pve-vmid', { description => 'VMID for the clone.' }),
2242 name => {
2243 optional => 1,
2244 type => 'string', format => 'dns-name',
2245 description => "Set a name for the new VM.",
2246 },
2247 description => {
2248 optional => 1,
2249 type => 'string',
2250 description => "Description for the new VM.",
2251 },
2252 pool => {
2253 optional => 1,
2254 type => 'string', format => 'pve-poolid',
2255 description => "Add the new VM to the specified pool.",
2256 },
2257 snapname => get_standard_option('pve-snapshot-name', {
2258 optional => 1,
2259 }),
2260 storage => get_standard_option('pve-storage-id', {
2261 description => "Target storage for full clone.",
2262 requires => 'full',
2263 optional => 1,
2264 }),
2265 'format' => {
2266 description => "Target format for file storage.",
2267 requires => 'full',
2268 type => 'string',
2269 optional => 1,
2270 enum => [ 'raw', 'qcow2', 'vmdk'],
2271 },
2272 full => {
2273 optional => 1,
2274 type => 'boolean',
2275 description => "Create a full copy of all disk. This is always done when " .
2276 "you clone a normal VM. For VM templates, we try to create a linked clone by default.",
2277 default => 0,
2278 },
2279 target => get_standard_option('pve-node', {
2280 description => "Target node. Only allowed if the original VM is on shared storage.",
2281 optional => 1,
2282 }),
2283 },
2284 },
2285 returns => {
2286 type => 'string',
2287 },
2288 code => sub {
2289 my ($param) = @_;
2290
2291 my $rpcenv = PVE::RPCEnvironment::get();
2292
2293 my $authuser = $rpcenv->get_user();
2294
2295 my $node = extract_param($param, 'node');
2296
2297 my $vmid = extract_param($param, 'vmid');
2298
2299 my $newid = extract_param($param, 'newid');
2300
2301 my $pool = extract_param($param, 'pool');
2302
2303 if (defined($pool)) {
2304 $rpcenv->check_pool_exist($pool);
2305 }
2306
2307 my $snapname = extract_param($param, 'snapname');
2308
2309 my $storage = extract_param($param, 'storage');
2310
2311 my $format = extract_param($param, 'format');
2312
2313 my $target = extract_param($param, 'target');
2314
2315 my $localnode = PVE::INotify::nodename();
2316
2317 undef $target if $target && ($target eq $localnode || $target eq 'localhost');
2318
2319 PVE::Cluster::check_node_exists($target) if $target;
2320
2321 my $storecfg = PVE::Storage::config();
2322
2323 if ($storage) {
2324 # check if storage is enabled on local node
2325 PVE::Storage::storage_check_enabled($storecfg, $storage);
2326 if ($target) {
2327 # check if storage is available on target node
2328 PVE::Storage::storage_check_node($storecfg, $storage, $target);
2329 # clone only works if target storage is shared
2330 my $scfg = PVE::Storage::storage_config($storecfg, $storage);
2331 die "can't clone to non-shared storage '$storage'\n" if !$scfg->{shared};
2332 }
2333 }
2334
2335 PVE::Cluster::check_cfs_quorum();
2336
2337 my $running = PVE::QemuServer::check_running($vmid) || 0;
2338
2339 # exclusive lock if VM is running - else shared lock is enough;
2340 my $shared_lock = $running ? 0 : 1;
2341
2342 my $clonefn = sub {
2343
2344 # do all tests after lock
2345 # we also try to do all tests before we fork the worker
2346
2347 my $conf = PVE::QemuConfig->load_config($vmid);
2348
2349 PVE::QemuConfig->check_lock($conf);
2350
2351 my $verify_running = PVE::QemuServer::check_running($vmid) || 0;
2352
2353 die "unexpected state change\n" if $verify_running != $running;
2354
2355 die "snapshot '$snapname' does not exist\n"
2356 if $snapname && !defined( $conf->{snapshots}->{$snapname});
2357
2358 my $oldconf = $snapname ? $conf->{snapshots}->{$snapname} : $conf;
2359
2360 my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
2361
2362 die "can't clone VM to node '$target' (VM uses local storage)\n" if $target && !$sharedvm;
2363
2364 my $conffile = PVE::QemuConfig->config_file($newid);
2365
2366 die "unable to create VM $newid: config file already exists\n"
2367 if -f $conffile;
2368
2369 my $newconf = { lock => 'clone' };
2370 my $drives = {};
2371 my $fullclone = {};
2372 my $vollist = [];
2373
2374 foreach my $opt (keys %$oldconf) {
2375 my $value = $oldconf->{$opt};
2376
2377 # do not copy snapshot related info
2378 next if $opt eq 'snapshots' || $opt eq 'parent' || $opt eq 'snaptime' ||
2379 $opt eq 'vmstate' || $opt eq 'snapstate';
2380
2381 # no need to copy unused images, because VMID(owner) changes anyways
2382 next if $opt =~ m/^unused\d+$/;
2383
2384 # always change MAC! address
2385 if ($opt =~ m/^net(\d+)$/) {
2386 my $net = PVE::QemuServer::parse_net($value);
2387 my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
2388 $net->{macaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
2389 $newconf->{$opt} = PVE::QemuServer::print_net($net);
2390 } elsif (PVE::QemuServer::is_valid_drivename($opt)) {
2391 my $drive = PVE::QemuServer::parse_drive($opt, $value);
2392 die "unable to parse drive options for '$opt'\n" if !$drive;
2393 if (PVE::QemuServer::drive_is_cdrom($drive)) {
2394 $newconf->{$opt} = $value; # simply copy configuration
2395 } else {
2396 if ($param->{full}) {
2397 die "Full clone feature is not available"
2398 if !PVE::Storage::volume_has_feature($storecfg, 'copy', $drive->{file}, $snapname, $running);
2399 $fullclone->{$opt} = 1;
2400 } else {
2401 # not full means clone instead of copy
2402 die "Linked clone feature is not available"
2403 if !PVE::Storage::volume_has_feature($storecfg, 'clone', $drive->{file}, $snapname, $running);
2404 }
2405 $drives->{$opt} = $drive;
2406 push @$vollist, $drive->{file};
2407 }
2408 } else {
2409 # copy everything else
2410 $newconf->{$opt} = $value;
2411 }
2412 }
2413
2414 # auto generate a new uuid
2415 my ($uuid, $uuid_str);
2416 UUID::generate($uuid);
2417 UUID::unparse($uuid, $uuid_str);
2418 my $smbios1 = PVE::QemuServer::parse_smbios1($newconf->{smbios1} || '');
2419 $smbios1->{uuid} = $uuid_str;
2420 $newconf->{smbios1} = PVE::QemuServer::print_smbios1($smbios1);
2421
2422 delete $newconf->{template};
2423
2424 if ($param->{name}) {
2425 $newconf->{name} = $param->{name};
2426 } else {
2427 if ($oldconf->{name}) {
2428 $newconf->{name} = "Copy-of-$oldconf->{name}";
2429 } else {
2430 $newconf->{name} = "Copy-of-VM-$vmid";
2431 }
2432 }
2433
2434 if ($param->{description}) {
2435 $newconf->{description} = $param->{description};
2436 }
2437
2438 # create empty/temp config - this fails if VM already exists on other node
2439 PVE::Tools::file_set_contents($conffile, "# qmclone temporary file\nlock: clone\n");
2440
2441 my $realcmd = sub {
2442 my $upid = shift;
2443
2444 my $newvollist = [];
2445
2446 eval {
2447 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2448
2449 PVE::Storage::activate_volumes($storecfg, $vollist, $snapname);
2450
2451 foreach my $opt (keys %$drives) {
2452 my $drive = $drives->{$opt};
2453
2454 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $opt, $drive, $snapname,
2455 $newid, $storage, $format, $fullclone->{$opt}, $newvollist);
2456
2457 $newconf->{$opt} = PVE::QemuServer::print_drive($vmid, $newdrive);
2458
2459 PVE::QemuConfig->write_config($newid, $newconf);
2460 }
2461
2462 delete $newconf->{lock};
2463 PVE::QemuConfig->write_config($newid, $newconf);
2464
2465 if ($target) {
2466 # always deactivate volumes - avoid lvm LVs to be active on several nodes
2467 PVE::Storage::deactivate_volumes($storecfg, $vollist, $snapname) if !$running;
2468 PVE::Storage::deactivate_volumes($storecfg, $newvollist);
2469
2470 my $newconffile = PVE::QemuConfig->config_file($newid, $target);
2471 die "Failed to move config to node '$target' - rename failed: $!\n"
2472 if !rename($conffile, $newconffile);
2473 }
2474
2475 PVE::AccessControl::add_vm_to_pool($newid, $pool) if $pool;
2476 };
2477 if (my $err = $@) {
2478 unlink $conffile;
2479
2480 sleep 1; # some storage like rbd need to wait before release volume - really?
2481
2482 foreach my $volid (@$newvollist) {
2483 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2484 warn $@ if $@;
2485 }
2486 die "clone failed: $err";
2487 }
2488
2489 return;
2490 };
2491
2492 PVE::Firewall::clone_vmfw_conf($vmid, $newid);
2493
2494 return $rpcenv->fork_worker('qmclone', $vmid, $authuser, $realcmd);
2495 };
2496
2497 return PVE::QemuConfig->lock_config_mode($vmid, 1, $shared_lock, sub {
2498 # Aquire exclusive lock lock for $newid
2499 return PVE::QemuConfig->lock_config_full($newid, 1, $clonefn);
2500 });
2501
2502 }});
2503
2504 __PACKAGE__->register_method({
2505 name => 'move_vm_disk',
2506 path => '{vmid}/move_disk',
2507 method => 'POST',
2508 protected => 1,
2509 proxyto => 'node',
2510 description => "Move volume to different storage.",
2511 permissions => {
2512 description => "You need 'VM.Config.Disk' permissions on /vms/{vmid}, " .
2513 "and 'Datastore.AllocateSpace' permissions on the storage.",
2514 check =>
2515 [ 'and',
2516 ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2517 ['perm', '/storage/{storage}', [ 'Datastore.AllocateSpace' ]],
2518 ],
2519 },
2520 parameters => {
2521 additionalProperties => 0,
2522 properties => {
2523 node => get_standard_option('pve-node'),
2524 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2525 disk => {
2526 type => 'string',
2527 description => "The disk you want to move.",
2528 enum => [ PVE::QemuServer::valid_drive_names() ],
2529 },
2530 storage => get_standard_option('pve-storage-id', {
2531 description => "Target storage.",
2532 completion => \&PVE::QemuServer::complete_storage,
2533 }),
2534 'format' => {
2535 type => 'string',
2536 description => "Target Format.",
2537 enum => [ 'raw', 'qcow2', 'vmdk' ],
2538 optional => 1,
2539 },
2540 delete => {
2541 type => 'boolean',
2542 description => "Delete the original disk after successful copy. By default the original disk is kept as unused disk.",
2543 optional => 1,
2544 default => 0,
2545 },
2546 digest => {
2547 type => 'string',
2548 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2549 maxLength => 40,
2550 optional => 1,
2551 },
2552 },
2553 },
2554 returns => {
2555 type => 'string',
2556 description => "the task ID.",
2557 },
2558 code => sub {
2559 my ($param) = @_;
2560
2561 my $rpcenv = PVE::RPCEnvironment::get();
2562
2563 my $authuser = $rpcenv->get_user();
2564
2565 my $node = extract_param($param, 'node');
2566
2567 my $vmid = extract_param($param, 'vmid');
2568
2569 my $digest = extract_param($param, 'digest');
2570
2571 my $disk = extract_param($param, 'disk');
2572
2573 my $storeid = extract_param($param, 'storage');
2574
2575 my $format = extract_param($param, 'format');
2576
2577 my $storecfg = PVE::Storage::config();
2578
2579 my $updatefn = sub {
2580
2581 my $conf = PVE::QemuConfig->load_config($vmid);
2582
2583 PVE::QemuConfig->check_lock($conf);
2584
2585 die "checksum missmatch (file change by other user?)\n"
2586 if $digest && $digest ne $conf->{digest};
2587
2588 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2589
2590 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2591
2592 my $old_volid = $drive->{file} || die "disk '$disk' has no associated volume\n";
2593
2594 die "you can't move a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2595
2596 my $oldfmt;
2597 my ($oldstoreid, $oldvolname) = PVE::Storage::parse_volume_id($old_volid);
2598 if ($oldvolname =~ m/\.(raw|qcow2|vmdk)$/){
2599 $oldfmt = $1;
2600 }
2601
2602 die "you can't move on the same storage with same format\n" if $oldstoreid eq $storeid &&
2603 (!$format || !$oldfmt || $oldfmt eq $format);
2604
2605 # this only checks snapshots because $disk is passed!
2606 my $snapshotted = PVE::QemuServer::is_volume_in_use($storecfg, $conf, $disk, $old_volid);
2607 die "you can't move a disk with snapshots and delete the source\n"
2608 if $snapshotted && $param->{delete};
2609
2610 PVE::Cluster::log_msg('info', $authuser, "move disk VM $vmid: move --disk $disk --storage $storeid");
2611
2612 my $running = PVE::QemuServer::check_running($vmid);
2613
2614 PVE::Storage::activate_volumes($storecfg, [ $drive->{file} ]);
2615
2616 my $realcmd = sub {
2617
2618 my $newvollist = [];
2619
2620 eval {
2621 local $SIG{INT} = $SIG{TERM} = $SIG{QUIT} = $SIG{HUP} = sub { die "interrupted by signal\n"; };
2622
2623 warn "moving disk with snapshots, snapshots will not be moved!\n"
2624 if $snapshotted;
2625
2626 my $newdrive = PVE::QemuServer::clone_disk($storecfg, $vmid, $running, $disk, $drive, undef,
2627 $vmid, $storeid, $format, 1, $newvollist);
2628
2629 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $newdrive);
2630
2631 PVE::QemuConfig->add_unused_volume($conf, $old_volid) if !$param->{delete};
2632
2633 PVE::QemuConfig->write_config($vmid, $conf);
2634
2635 eval {
2636 # try to deactivate volumes - avoid lvm LVs to be active on several nodes
2637 PVE::Storage::deactivate_volumes($storecfg, [ $newdrive->{file} ])
2638 if !$running;
2639 };
2640 warn $@ if $@;
2641 };
2642 if (my $err = $@) {
2643
2644 foreach my $volid (@$newvollist) {
2645 eval { PVE::Storage::vdisk_free($storecfg, $volid); };
2646 warn $@ if $@;
2647 }
2648 die "storage migration failed: $err";
2649 }
2650
2651 if ($param->{delete}) {
2652 eval {
2653 PVE::Storage::deactivate_volumes($storecfg, [$old_volid]);
2654 PVE::Storage::vdisk_free($storecfg, $old_volid);
2655 };
2656 warn $@ if $@;
2657 }
2658 };
2659
2660 return $rpcenv->fork_worker('qmmove', $vmid, $authuser, $realcmd);
2661 };
2662
2663 return PVE::QemuConfig->lock_config($vmid, $updatefn);
2664 }});
2665
2666 __PACKAGE__->register_method({
2667 name => 'migrate_vm',
2668 path => '{vmid}/migrate',
2669 method => 'POST',
2670 protected => 1,
2671 proxyto => 'node',
2672 description => "Migrate virtual machine. Creates a new migration task.",
2673 permissions => {
2674 check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
2675 },
2676 parameters => {
2677 additionalProperties => 0,
2678 properties => {
2679 node => get_standard_option('pve-node'),
2680 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2681 target => get_standard_option('pve-node', {
2682 description => "Target node.",
2683 completion => \&PVE::Cluster::complete_migration_target,
2684 }),
2685 online => {
2686 type => 'boolean',
2687 description => "Use online/live migration.",
2688 optional => 1,
2689 },
2690 force => {
2691 type => 'boolean',
2692 description => "Allow to migrate VMs which use local devices. Only root may use this option.",
2693 optional => 1,
2694 },
2695 migration_type => {
2696 type => 'string',
2697 enum => ['secure', 'insecure'],
2698 description => "Migration traffic is encrypted using an SSH " .
2699 "tunnel by default. On secure, completely private networks " .
2700 "this can be disabled to increase performance.",
2701 optional => 1,
2702 },
2703 migration_network => {
2704 type => 'string',
2705 format => 'CIDR',
2706 description => "CIDR of the (sub) network that is used for migration.",
2707 optional => 1,
2708 },
2709 },
2710 },
2711 returns => {
2712 type => 'string',
2713 description => "the task ID.",
2714 },
2715 code => sub {
2716 my ($param) = @_;
2717
2718 my $rpcenv = PVE::RPCEnvironment::get();
2719
2720 my $authuser = $rpcenv->get_user();
2721
2722 my $target = extract_param($param, 'target');
2723
2724 my $localnode = PVE::INotify::nodename();
2725 raise_param_exc({ target => "target is local node."}) if $target eq $localnode;
2726
2727 PVE::Cluster::check_cfs_quorum();
2728
2729 PVE::Cluster::check_node_exists($target);
2730
2731 my $targetip = PVE::Cluster::remote_node_ip($target);
2732
2733 my $vmid = extract_param($param, 'vmid');
2734
2735 raise_param_exc({ force => "Only root may use this option." })
2736 if $param->{force} && $authuser ne 'root@pam';
2737
2738 raise_param_exc({ migration_type => "Only root may use this option." })
2739 if $param->{migration_type} && $authuser ne 'root@pam';
2740
2741 # allow root only until better network permissions are available
2742 raise_param_exc({ migration_network => "Only root may use this option." })
2743 if $param->{migration_network} && $authuser ne 'root@pam';
2744
2745 # test if VM exists
2746 my $conf = PVE::QemuConfig->load_config($vmid);
2747
2748 # try to detect errors early
2749
2750 PVE::QemuConfig->check_lock($conf);
2751
2752 if (PVE::QemuServer::check_running($vmid)) {
2753 die "cant migrate running VM without --online\n"
2754 if !$param->{online};
2755 }
2756
2757 my $storecfg = PVE::Storage::config();
2758 PVE::QemuServer::check_storage_availability($storecfg, $conf, $target);
2759
2760 if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
2761
2762 my $hacmd = sub {
2763 my $upid = shift;
2764
2765 my $service = "vm:$vmid";
2766
2767 my $cmd = ['ha-manager', 'migrate', $service, $target];
2768
2769 print "Executing HA migrate for VM $vmid to node $target\n";
2770
2771 PVE::Tools::run_command($cmd);
2772
2773 return;
2774 };
2775
2776 return $rpcenv->fork_worker('hamigrate', $vmid, $authuser, $hacmd);
2777
2778 } else {
2779
2780 my $realcmd = sub {
2781 my $upid = shift;
2782
2783 PVE::QemuMigrate->migrate($target, $targetip, $vmid, $param);
2784 };
2785
2786 return $rpcenv->fork_worker('qmigrate', $vmid, $authuser, $realcmd);
2787 }
2788
2789 }});
2790
2791 __PACKAGE__->register_method({
2792 name => 'monitor',
2793 path => '{vmid}/monitor',
2794 method => 'POST',
2795 protected => 1,
2796 proxyto => 'node',
2797 description => "Execute Qemu monitor commands.",
2798 permissions => {
2799 check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
2800 },
2801 parameters => {
2802 additionalProperties => 0,
2803 properties => {
2804 node => get_standard_option('pve-node'),
2805 vmid => get_standard_option('pve-vmid'),
2806 command => {
2807 type => 'string',
2808 description => "The monitor command.",
2809 }
2810 },
2811 },
2812 returns => { type => 'string'},
2813 code => sub {
2814 my ($param) = @_;
2815
2816 my $vmid = $param->{vmid};
2817
2818 my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists
2819
2820 my $res = '';
2821 eval {
2822 $res = PVE::QemuServer::vm_human_monitor_command($vmid, $param->{command});
2823 };
2824 $res = "ERROR: $@" if $@;
2825
2826 return $res;
2827 }});
2828
2829 __PACKAGE__->register_method({
2830 name => 'resize_vm',
2831 path => '{vmid}/resize',
2832 method => 'PUT',
2833 protected => 1,
2834 proxyto => 'node',
2835 description => "Extend volume size.",
2836 permissions => {
2837 check => ['perm', '/vms/{vmid}', [ 'VM.Config.Disk' ]],
2838 },
2839 parameters => {
2840 additionalProperties => 0,
2841 properties => {
2842 node => get_standard_option('pve-node'),
2843 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2844 skiplock => get_standard_option('skiplock'),
2845 disk => {
2846 type => 'string',
2847 description => "The disk you want to resize.",
2848 enum => [PVE::QemuServer::valid_drive_names()],
2849 },
2850 size => {
2851 type => 'string',
2852 pattern => '\+?\d+(\.\d+)?[KMGT]?',
2853 description => "The new size. With the '+' sign the value is added to the actual size of the volume and without it, the value is taken as an absolute one. Shrinking disk size is not supported.",
2854 },
2855 digest => {
2856 type => 'string',
2857 description => 'Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.',
2858 maxLength => 40,
2859 optional => 1,
2860 },
2861 },
2862 },
2863 returns => { type => 'null'},
2864 code => sub {
2865 my ($param) = @_;
2866
2867 my $rpcenv = PVE::RPCEnvironment::get();
2868
2869 my $authuser = $rpcenv->get_user();
2870
2871 my $node = extract_param($param, 'node');
2872
2873 my $vmid = extract_param($param, 'vmid');
2874
2875 my $digest = extract_param($param, 'digest');
2876
2877 my $disk = extract_param($param, 'disk');
2878
2879 my $sizestr = extract_param($param, 'size');
2880
2881 my $skiplock = extract_param($param, 'skiplock');
2882 raise_param_exc({ skiplock => "Only root may use this option." })
2883 if $skiplock && $authuser ne 'root@pam';
2884
2885 my $storecfg = PVE::Storage::config();
2886
2887 my $updatefn = sub {
2888
2889 my $conf = PVE::QemuConfig->load_config($vmid);
2890
2891 die "checksum missmatch (file change by other user?)\n"
2892 if $digest && $digest ne $conf->{digest};
2893 PVE::QemuConfig->check_lock($conf) if !$skiplock;
2894
2895 die "disk '$disk' does not exist\n" if !$conf->{$disk};
2896
2897 my $drive = PVE::QemuServer::parse_drive($disk, $conf->{$disk});
2898
2899 my (undef, undef, undef, undef, undef, undef, $format) =
2900 PVE::Storage::parse_volname($storecfg, $drive->{file});
2901
2902 die "can't resize volume: $disk if snapshot exists\n"
2903 if %{$conf->{snapshots}} && $format eq 'qcow2';
2904
2905 my $volid = $drive->{file};
2906
2907 die "disk '$disk' has no associated volume\n" if !$volid;
2908
2909 die "you can't resize a cdrom\n" if PVE::QemuServer::drive_is_cdrom($drive);
2910
2911 my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid);
2912
2913 $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
2914
2915 PVE::Storage::activate_volumes($storecfg, [$volid]);
2916 my $size = PVE::Storage::volume_size_info($storecfg, $volid, 5);
2917
2918 die "internal error" if $sizestr !~ m/^(\+)?(\d+(\.\d+)?)([KMGT])?$/;
2919 my ($ext, $newsize, $unit) = ($1, $2, $4);
2920 if ($unit) {
2921 if ($unit eq 'K') {
2922 $newsize = $newsize * 1024;
2923 } elsif ($unit eq 'M') {
2924 $newsize = $newsize * 1024 * 1024;
2925 } elsif ($unit eq 'G') {
2926 $newsize = $newsize * 1024 * 1024 * 1024;
2927 } elsif ($unit eq 'T') {
2928 $newsize = $newsize * 1024 * 1024 * 1024 * 1024;
2929 }
2930 }
2931 $newsize += $size if $ext;
2932 $newsize = int($newsize);
2933
2934 die "unable to skrink disk size\n" if $newsize < $size;
2935
2936 return if $size == $newsize;
2937
2938 PVE::Cluster::log_msg('info', $authuser, "update VM $vmid: resize --disk $disk --size $sizestr");
2939
2940 PVE::QemuServer::qemu_block_resize($vmid, "drive-$disk", $storecfg, $volid, $newsize);
2941
2942 $drive->{size} = $newsize;
2943 $conf->{$disk} = PVE::QemuServer::print_drive($vmid, $drive);
2944
2945 PVE::QemuConfig->write_config($vmid, $conf);
2946 };
2947
2948 PVE::QemuConfig->lock_config($vmid, $updatefn);
2949 return undef;
2950 }});
2951
2952 __PACKAGE__->register_method({
2953 name => 'snapshot_list',
2954 path => '{vmid}/snapshot',
2955 method => 'GET',
2956 description => "List all snapshots.",
2957 permissions => {
2958 check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
2959 },
2960 proxyto => 'node',
2961 protected => 1, # qemu pid files are only readable by root
2962 parameters => {
2963 additionalProperties => 0,
2964 properties => {
2965 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
2966 node => get_standard_option('pve-node'),
2967 },
2968 },
2969 returns => {
2970 type => 'array',
2971 items => {
2972 type => "object",
2973 properties => {},
2974 },
2975 links => [ { rel => 'child', href => "{name}" } ],
2976 },
2977 code => sub {
2978 my ($param) = @_;
2979
2980 my $vmid = $param->{vmid};
2981
2982 my $conf = PVE::QemuConfig->load_config($vmid);
2983 my $snaphash = $conf->{snapshots} || {};
2984
2985 my $res = [];
2986
2987 foreach my $name (keys %$snaphash) {
2988 my $d = $snaphash->{$name};
2989 my $item = {
2990 name => $name,
2991 snaptime => $d->{snaptime} || 0,
2992 vmstate => $d->{vmstate} ? 1 : 0,
2993 description => $d->{description} || '',
2994 };
2995 $item->{parent} = $d->{parent} if $d->{parent};
2996 $item->{snapstate} = $d->{snapstate} if $d->{snapstate};
2997 push @$res, $item;
2998 }
2999
3000 my $running = PVE::QemuServer::check_running($vmid, 1) ? 1 : 0;
3001 my $current = { name => 'current', digest => $conf->{digest}, running => $running };
3002 $current->{parent} = $conf->{parent} if $conf->{parent};
3003
3004 push @$res, $current;
3005
3006 return $res;
3007 }});
3008
3009 __PACKAGE__->register_method({
3010 name => 'snapshot',
3011 path => '{vmid}/snapshot',
3012 method => 'POST',
3013 protected => 1,
3014 proxyto => 'node',
3015 description => "Snapshot a VM.",
3016 permissions => {
3017 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3018 },
3019 parameters => {
3020 additionalProperties => 0,
3021 properties => {
3022 node => get_standard_option('pve-node'),
3023 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3024 snapname => get_standard_option('pve-snapshot-name'),
3025 vmstate => {
3026 optional => 1,
3027 type => 'boolean',
3028 description => "Save the vmstate",
3029 },
3030 description => {
3031 optional => 1,
3032 type => 'string',
3033 description => "A textual description or comment.",
3034 },
3035 },
3036 },
3037 returns => {
3038 type => 'string',
3039 description => "the task ID.",
3040 },
3041 code => sub {
3042 my ($param) = @_;
3043
3044 my $rpcenv = PVE::RPCEnvironment::get();
3045
3046 my $authuser = $rpcenv->get_user();
3047
3048 my $node = extract_param($param, 'node');
3049
3050 my $vmid = extract_param($param, 'vmid');
3051
3052 my $snapname = extract_param($param, 'snapname');
3053
3054 die "unable to use snapshot name 'current' (reserved name)\n"
3055 if $snapname eq 'current';
3056
3057 my $realcmd = sub {
3058 PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: $snapname");
3059 PVE::QemuConfig->snapshot_create($vmid, $snapname, $param->{vmstate},
3060 $param->{description});
3061 };
3062
3063 return $rpcenv->fork_worker('qmsnapshot', $vmid, $authuser, $realcmd);
3064 }});
3065
3066 __PACKAGE__->register_method({
3067 name => 'snapshot_cmd_idx',
3068 path => '{vmid}/snapshot/{snapname}',
3069 description => '',
3070 method => 'GET',
3071 permissions => {
3072 user => 'all',
3073 },
3074 parameters => {
3075 additionalProperties => 0,
3076 properties => {
3077 vmid => get_standard_option('pve-vmid'),
3078 node => get_standard_option('pve-node'),
3079 snapname => get_standard_option('pve-snapshot-name'),
3080 },
3081 },
3082 returns => {
3083 type => 'array',
3084 items => {
3085 type => "object",
3086 properties => {},
3087 },
3088 links => [ { rel => 'child', href => "{cmd}" } ],
3089 },
3090 code => sub {
3091 my ($param) = @_;
3092
3093 my $res = [];
3094
3095 push @$res, { cmd => 'rollback' };
3096 push @$res, { cmd => 'config' };
3097
3098 return $res;
3099 }});
3100
3101 __PACKAGE__->register_method({
3102 name => 'update_snapshot_config',
3103 path => '{vmid}/snapshot/{snapname}/config',
3104 method => 'PUT',
3105 protected => 1,
3106 proxyto => 'node',
3107 description => "Update snapshot metadata.",
3108 permissions => {
3109 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3110 },
3111 parameters => {
3112 additionalProperties => 0,
3113 properties => {
3114 node => get_standard_option('pve-node'),
3115 vmid => get_standard_option('pve-vmid'),
3116 snapname => get_standard_option('pve-snapshot-name'),
3117 description => {
3118 optional => 1,
3119 type => 'string',
3120 description => "A textual description or comment.",
3121 },
3122 },
3123 },
3124 returns => { type => 'null' },
3125 code => sub {
3126 my ($param) = @_;
3127
3128 my $rpcenv = PVE::RPCEnvironment::get();
3129
3130 my $authuser = $rpcenv->get_user();
3131
3132 my $vmid = extract_param($param, 'vmid');
3133
3134 my $snapname = extract_param($param, 'snapname');
3135
3136 return undef if !defined($param->{description});
3137
3138 my $updatefn = sub {
3139
3140 my $conf = PVE::QemuConfig->load_config($vmid);
3141
3142 PVE::QemuConfig->check_lock($conf);
3143
3144 my $snap = $conf->{snapshots}->{$snapname};
3145
3146 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3147
3148 $snap->{description} = $param->{description} if defined($param->{description});
3149
3150 PVE::QemuConfig->write_config($vmid, $conf);
3151 };
3152
3153 PVE::QemuConfig->lock_config($vmid, $updatefn);
3154
3155 return undef;
3156 }});
3157
3158 __PACKAGE__->register_method({
3159 name => 'get_snapshot_config',
3160 path => '{vmid}/snapshot/{snapname}/config',
3161 method => 'GET',
3162 proxyto => 'node',
3163 description => "Get snapshot configuration",
3164 permissions => {
3165 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3166 },
3167 parameters => {
3168 additionalProperties => 0,
3169 properties => {
3170 node => get_standard_option('pve-node'),
3171 vmid => get_standard_option('pve-vmid'),
3172 snapname => get_standard_option('pve-snapshot-name'),
3173 },
3174 },
3175 returns => { type => "object" },
3176 code => sub {
3177 my ($param) = @_;
3178
3179 my $rpcenv = PVE::RPCEnvironment::get();
3180
3181 my $authuser = $rpcenv->get_user();
3182
3183 my $vmid = extract_param($param, 'vmid');
3184
3185 my $snapname = extract_param($param, 'snapname');
3186
3187 my $conf = PVE::QemuConfig->load_config($vmid);
3188
3189 my $snap = $conf->{snapshots}->{$snapname};
3190
3191 die "snapshot '$snapname' does not exist\n" if !defined($snap);
3192
3193 return $snap;
3194 }});
3195
3196 __PACKAGE__->register_method({
3197 name => 'rollback',
3198 path => '{vmid}/snapshot/{snapname}/rollback',
3199 method => 'POST',
3200 protected => 1,
3201 proxyto => 'node',
3202 description => "Rollback VM state to specified snapshot.",
3203 permissions => {
3204 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3205 },
3206 parameters => {
3207 additionalProperties => 0,
3208 properties => {
3209 node => get_standard_option('pve-node'),
3210 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3211 snapname => get_standard_option('pve-snapshot-name'),
3212 },
3213 },
3214 returns => {
3215 type => 'string',
3216 description => "the task ID.",
3217 },
3218 code => sub {
3219 my ($param) = @_;
3220
3221 my $rpcenv = PVE::RPCEnvironment::get();
3222
3223 my $authuser = $rpcenv->get_user();
3224
3225 my $node = extract_param($param, 'node');
3226
3227 my $vmid = extract_param($param, 'vmid');
3228
3229 my $snapname = extract_param($param, 'snapname');
3230
3231 my $realcmd = sub {
3232 PVE::Cluster::log_msg('info', $authuser, "rollback snapshot VM $vmid: $snapname");
3233 PVE::QemuConfig->snapshot_rollback($vmid, $snapname);
3234 };
3235
3236 return $rpcenv->fork_worker('qmrollback', $vmid, $authuser, $realcmd);
3237 }});
3238
3239 __PACKAGE__->register_method({
3240 name => 'delsnapshot',
3241 path => '{vmid}/snapshot/{snapname}',
3242 method => 'DELETE',
3243 protected => 1,
3244 proxyto => 'node',
3245 description => "Delete a VM snapshot.",
3246 permissions => {
3247 check => ['perm', '/vms/{vmid}', [ 'VM.Snapshot' ]],
3248 },
3249 parameters => {
3250 additionalProperties => 0,
3251 properties => {
3252 node => get_standard_option('pve-node'),
3253 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid }),
3254 snapname => get_standard_option('pve-snapshot-name'),
3255 force => {
3256 optional => 1,
3257 type => 'boolean',
3258 description => "For removal from config file, even if removing disk snapshots fails.",
3259 },
3260 },
3261 },
3262 returns => {
3263 type => 'string',
3264 description => "the task ID.",
3265 },
3266 code => sub {
3267 my ($param) = @_;
3268
3269 my $rpcenv = PVE::RPCEnvironment::get();
3270
3271 my $authuser = $rpcenv->get_user();
3272
3273 my $node = extract_param($param, 'node');
3274
3275 my $vmid = extract_param($param, 'vmid');
3276
3277 my $snapname = extract_param($param, 'snapname');
3278
3279 my $realcmd = sub {
3280 PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM $vmid: $snapname");
3281 PVE::QemuConfig->snapshot_delete($vmid, $snapname, $param->{force});
3282 };
3283
3284 return $rpcenv->fork_worker('qmdelsnapshot', $vmid, $authuser, $realcmd);
3285 }});
3286
3287 __PACKAGE__->register_method({
3288 name => 'template',
3289 path => '{vmid}/template',
3290 method => 'POST',
3291 protected => 1,
3292 proxyto => 'node',
3293 description => "Create a Template.",
3294 permissions => {
3295 description => "You need 'VM.Allocate' permissions on /vms/{vmid}",
3296 check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
3297 },
3298 parameters => {
3299 additionalProperties => 0,
3300 properties => {
3301 node => get_standard_option('pve-node'),
3302 vmid => get_standard_option('pve-vmid', { completion => \&PVE::QemuServer::complete_vmid_stopped }),
3303 disk => {
3304 optional => 1,
3305 type => 'string',
3306 description => "If you want to convert only 1 disk to base image.",
3307 enum => [PVE::QemuServer::valid_drive_names()],
3308 },
3309
3310 },
3311 },
3312 returns => { type => 'null'},
3313 code => sub {
3314 my ($param) = @_;
3315
3316 my $rpcenv = PVE::RPCEnvironment::get();
3317
3318 my $authuser = $rpcenv->get_user();
3319
3320 my $node = extract_param($param, 'node');
3321
3322 my $vmid = extract_param($param, 'vmid');
3323
3324 my $disk = extract_param($param, 'disk');
3325
3326 my $updatefn = sub {
3327
3328 my $conf = PVE::QemuConfig->load_config($vmid);
3329
3330 PVE::QemuConfig->check_lock($conf);
3331
3332 die "unable to create template, because VM contains snapshots\n"
3333 if $conf->{snapshots} && scalar(keys %{$conf->{snapshots}});
3334
3335 die "you can't convert a template to a template\n"
3336 if PVE::QemuConfig->is_template($conf) && !$disk;
3337
3338 die "you can't convert a VM to template if VM is running\n"
3339 if PVE::QemuServer::check_running($vmid);
3340
3341 my $realcmd = sub {
3342 PVE::QemuServer::template_create($vmid, $conf, $disk);
3343 };
3344
3345 $conf->{template} = 1;
3346 PVE::QemuConfig->write_config($vmid, $conf);
3347
3348 return $rpcenv->fork_worker('qmtemplate', $vmid, $authuser, $realcmd);
3349 };
3350
3351 PVE::QemuConfig->lock_config($vmid, $updatefn);
3352 return undef;
3353 }});
3354
3355 1;
Virtual Machine Manager